# Flog Txt Version 1 # Analyzer Version: 3.2.1 # Analyzer Build Date: Jan 31 2020 07:36:36 # Log Creation Date: 01.02.2020 04:47:03.134 Process: id = "1" image_name = "fct.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fct.exe" page_root = "0x31fc4000" os_pid = "0x990" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x444" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FCT.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e6e5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xa50 [0024.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x31f884 | out: lpSystemTimeAsFileTime=0x31f884*(dwLowDateTime=0xb2dd1680, dwHighDateTime=0x1d5d8ba)) [0024.797] GetCurrentThreadId () returned 0xa50 [0024.797] GetCurrentProcessId () returned 0x990 [0024.797] QueryPerformanceCounter (in: lpPerformanceCount=0x31f87c | out: lpPerformanceCount=0x31f87c*=16672976206) returned 1 [0024.802] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0024.802] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0024.802] GetLastError () returned 0x57 [0024.802] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0024.802] GetLastError () returned 0x57 [0024.802] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76e10000 [0024.803] GetProcAddress (hModule=0x76e10000, lpProcName="InitializeCriticalSectionEx") returned 0x76e24d28 [0024.803] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0024.803] GetLastError () returned 0x57 [0024.803] GetProcAddress (hModule=0x76e10000, lpProcName="FlsAlloc") returned 0x76e24f2b [0024.803] GetProcAddress (hModule=0x76e10000, lpProcName="FlsSetValue") returned 0x76e24208 [0024.803] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0024.803] GetLastError () returned 0x57 [0024.803] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0024.803] GetLastError () returned 0x57 [0024.803] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76e10000 [0024.803] GetProcAddress (hModule=0x76e10000, lpProcName="InitializeCriticalSectionEx") returned 0x76e24d28 [0024.804] GetProcessHeap () returned 0x6d0000 [0024.804] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0024.804] GetLastError () returned 0x57 [0024.804] GetProcAddress (hModule=0x76e10000, lpProcName="FlsAlloc") returned 0x76e24f2b [0024.804] GetLastError () returned 0x57 [0024.804] GetProcAddress (hModule=0x76e10000, lpProcName="FlsGetValue") returned 0x76e21252 [0024.804] GetProcAddress (hModule=0x76e10000, lpProcName="FlsSetValue") returned 0x76e24208 [0024.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x364) returned 0x6def00 [0024.805] SetLastError (dwErrCode=0x57) [0024.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0xe00) returned 0x6df270 [0024.806] GetStartupInfoW (in: lpStartupInfo=0x31f7bc | out: lpStartupInfo=0x31f7bc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FCT.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3b31f0, hStdOutput=0x52cc1f1b, hStdError=0xfffffffe)) [0024.806] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0024.806] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0024.806] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0024.806] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FCT.exe\" " [0024.806] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FCT.exe\" " [0024.806] GetACP () returned 0x4e4 [0024.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x220) returned 0x6e0878 [0024.806] IsValidCodePage (CodePage=0x4e4) returned 1 [0024.806] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x31f7dc | out: lpCPInfo=0x31f7dc) returned 1 [0024.806] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x31f0a4 | out: lpCPInfo=0x31f0a4) returned 1 [0024.806] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31f6b8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0024.806] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31f6b8, cbMultiByte=256, lpWideCharStr=0x31ee48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ誒;Ā") returned 256 [0024.806] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ誒;Ā", cchSrc=256, lpCharType=0x31f0b8 | out: lpCharType=0x31f0b8) returned 1 [0024.807] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31f6b8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0024.807] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31f6b8, cbMultiByte=256, lpWideCharStr=0x31edf8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0024.807] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0024.807] GetLastError () returned 0x57 [0024.807] GetProcAddress (hModule=0x76e10000, lpProcName="LCMapStringEx") returned 0x76ea47f1 [0024.807] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0024.807] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x31ebe8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0024.807] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x31f5b8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x87¯ÁRô÷1", lpUsedDefaultChar=0x0) returned 256 [0024.807] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31f6b8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0024.807] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x31f6b8, cbMultiByte=256, lpWideCharStr=0x31ee18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꙙ;Ā") returned 256 [0024.807] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꙙ;Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0024.807] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꙙ;Ā", cchSrc=256, lpDestStr=0x31ec08, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0024.807] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x31f4b8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x87¯ÁRô÷1", lpUsedDefaultChar=0x0) returned 256 [0024.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e0aa0 [0024.807] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3c5d78, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FCT.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fct.exe")) returned 0x2d [0024.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x64) returned 0x6e0b28 [0024.807] RtlInitializeSListHead (in: ListHead=0x3c5c98 | out: ListHead=0x3c5c98) [0024.808] GetLastError () returned 0x0 [0024.808] SetLastError (dwErrCode=0x0) [0024.808] GetEnvironmentStringsW () returned 0x6e0b98* [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xaca) returned 0x6e1670 [0024.808] FreeEnvironmentStringsW (penv=0x6e0b98) returned 1 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x98) returned 0x6e0b98 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x3e) returned 0x6e0c38 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x6c) returned 0x6e0c80 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x6e) returned 0x6e0cf8 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x78) returned 0x6e0d70 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x62) returned 0x6e0df0 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2e) returned 0x6e0e60 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x48) returned 0x6e0e98 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x28) returned 0x6e0ee8 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x1a) returned 0x6e0310 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x4a) returned 0x6e0f18 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x72) returned 0x6e0f70 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x30) returned 0x6e0ff0 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2e) returned 0x6e1028 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x1c) returned 0x6e0338 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0xd2) returned 0x6e1060 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x7c) returned 0x6e1140 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x36) returned 0x6e11c8 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x3a) returned 0x6e1208 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x90) returned 0x6e1250 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x24) returned 0x6e12e8 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x30) returned 0x6e1318 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x36) returned 0x6e1350 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x48) returned 0x6e1390 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x52) returned 0x6e13e0 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x3c) returned 0x6e1440 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x82) returned 0x6e1488 [0024.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2e) returned 0x6e1518 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x1e) returned 0x6e0360 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2c) returned 0x6e1550 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x54) returned 0x6e1588 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x52) returned 0x6e15e8 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2a) returned 0x6e2148 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x3c) returned 0x6e2180 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x54) returned 0x6e21c8 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x24) returned 0x6e2228 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x30) returned 0x6e2258 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x8c) returned 0x6e2290 [0024.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1670 | out: hHeap=0x6d0000) returned 1 [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x800) returned 0x6e1648 [0024.809] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0024.809] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3b286b) returned 0x0 [0024.809] GetStartupInfoW (in: lpStartupInfo=0x31f820 | out: lpStartupInfo=0x31f820*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FCT.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0024.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c9c380) returned 0x7d0020 [0024.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0400 [0024.810] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x31f5a4 | out: lpFindFileData=0x31f5a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x6e1e50 [0024.810] FindNextFileW (in: hFindFile=0x6e1e50, lpFindFileData=0x31f5a4 | out: lpFindFileData=0x31f5a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0024.811] FindNextFileW (in: hFindFile=0x6e1e50, lpFindFileData=0x31f5a4 | out: lpFindFileData=0x31f5a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0024.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0450 [0024.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0024.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0450 | out: hHeap=0x6d0000) returned 1 [0024.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0024.811] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x28c670c0, cFileName=".", cAlternateFileName="")) returned 0x6e1f20 [0024.811] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x28c670c0, cFileName="..", cAlternateFileName="")) returned 1 [0024.811] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x28c670c0, cFileName="AppData", cAlternateFileName="")) returned 1 [0024.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f60 [0024.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1fa8 [0024.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0024.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0024.811] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName=".", cAlternateFileName="")) returned 0x6e1f60 [0024.811] FindNextFileW (in: hFindFile=0x6e1f60, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="..", cAlternateFileName="")) returned 1 [0024.811] FindNextFileW (in: hFindFile=0x6e1f60, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="Local", cAlternateFileName="")) returned 1 [0024.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2068 [0024.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e20c0 [0024.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0024.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e5788 [0024.811] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6e2068 [0024.811] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0024.812] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Adobe", cAlternateFileName="")) returned 1 [0024.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e67f8 [0024.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e6860 [0024.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0024.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e68f8 [0024.812] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName=".", cAlternateFileName="")) returned 0x6e67f8 [0024.812] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="..", cAlternateFileName="")) returned 1 [0024.812] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0024.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e7978 [0024.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e79f0 [0024.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7978 | out: hHeap=0x6d0000) returned 1 [0024.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e7aa0 [0024.812] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6e7978 [0024.813] FindNextFileW (in: hFindFile=0x6e7978, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0024.813] FindNextFileW (in: hFindFile=0x6e7978, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="10.0", cAlternateFileName="")) returned 1 [0024.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e8b30 [0024.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e8bb8 [0024.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e8c40 [0024.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8bb8 | out: hHeap=0x6d0000) returned 1 [0024.813] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6e8bb8 [0024.813] FindNextFileW (in: hFindFile=0x6e8bb8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0024.814] FindNextFileW (in: hFindFile=0x6e8bb8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0024.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e9d10 [0024.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e9d98 [0024.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d10 | out: hHeap=0x6d0000) returned 1 [0024.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0024.814] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x892c, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x892c, lpOverlapped=0x0) returned 1 [0024.817] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.817] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x892c, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x892c, lpOverlapped=0x0) returned 1 [0024.817] CloseHandle (hObject=0x48) returned 1 [0024.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e9e60 [0024.818] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst.adv")) returned 1 [0024.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e60 | out: hHeap=0x6d0000) returned 1 [0024.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d98 | out: hHeap=0x6d0000) returned 1 [0024.828] FindNextFileW (in: hFindFile=0x6e8bb8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0024.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e9d10 [0024.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e9d98 [0024.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d10 | out: hHeap=0x6d0000) returned 1 [0024.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0024.830] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21cdb, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x21cdb, lpOverlapped=0x0) returned 1 [0024.833] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.833] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21cdb, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x21cdb, lpOverlapped=0x0) returned 1 [0024.834] CloseHandle (hObject=0x48) returned 1 [0024.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e9e60 [0024.835] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst.adv")) returned 1 [0024.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e60 | out: hHeap=0x6d0000) returned 1 [0024.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d98 | out: hHeap=0x6d0000) returned 1 [0024.836] FindNextFileW (in: hFindFile=0x6e8bb8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="Cache", cAlternateFileName="")) returned 1 [0024.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e9d10 [0024.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e9d98 [0024.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d10 | out: hHeap=0x6d0000) returned 1 [0024.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9e60 [0024.836] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x177, cFileName=".", cAlternateFileName="")) returned 0x6e8bf8 [0024.836] FindNextFileW (in: hFindFile=0x6e8bf8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x177, cFileName="..", cAlternateFileName="")) returned 1 [0024.836] FindNextFileW (in: hFindFile=0x6e8bf8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x177, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 1 [0024.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eaf00 [0024.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6eaf98 [0024.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf00 | out: hHeap=0x6d0000) returned 1 [0024.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0024.837] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcfc4, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xcfc4, lpOverlapped=0x0) returned 1 [0024.839] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.839] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcfc4, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xcfc4, lpOverlapped=0x0) returned 1 [0024.839] CloseHandle (hObject=0x4c) returned 1 [0024.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb078 [0024.840] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst.adv")) returned 1 [0024.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb078 | out: hHeap=0x6d0000) returned 1 [0024.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf98 | out: hHeap=0x6d0000) returned 1 [0024.840] FindNextFileW (in: hFindFile=0x6e8bf8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x177, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 0 [0024.840] FindClose (in: hFindFile=0x6e8bf8 | out: hFindFile=0x6e8bf8) returned 1 [0024.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e60 | out: hHeap=0x6d0000) returned 1 [0024.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d98 | out: hHeap=0x6d0000) returned 1 [0024.841] FindNextFileW (in: hFindFile=0x6e8bb8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="SharedDataEvents", cAlternateFileName="SHARED~1")) returned 1 [0024.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e9d10 [0024.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e9d98 [0024.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d10 | out: hHeap=0x6d0000) returned 1 [0024.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0024.841] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1400, lpOverlapped=0x0) returned 1 [0024.843] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.843] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1400, lpOverlapped=0x0) returned 1 [0024.843] CloseHandle (hObject=0x48) returned 1 [0024.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e9e60 [0024.844] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents.adv")) returned 1 [0024.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e60 | out: hHeap=0x6d0000) returned 1 [0024.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d98 | out: hHeap=0x6d0000) returned 1 [0024.844] FindNextFileW (in: hFindFile=0x6e8bb8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 1 [0024.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e9d10 [0024.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e9d98 [0024.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d10 | out: hHeap=0x6d0000) returned 1 [0024.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0024.845] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12ea5, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x12ea5, lpOverlapped=0x0) returned 1 [0024.848] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.848] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12ea5, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x12ea5, lpOverlapped=0x0) returned 1 [0024.848] CloseHandle (hObject=0x48) returned 1 [0024.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e9e60 [0024.849] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin.adv")) returned 1 [0024.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e60 | out: hHeap=0x6d0000) returned 1 [0024.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d98 | out: hHeap=0x6d0000) returned 1 [0024.850] FindNextFileW (in: hFindFile=0x6e8bb8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 0 [0024.850] FindClose (in: hFindFile=0x6e8bb8 | out: hFindFile=0x6e8bb8) returned 1 [0024.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8c40 | out: hHeap=0x6d0000) returned 1 [0024.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8b30 | out: hHeap=0x6d0000) returned 1 [0024.850] FindNextFileW (in: hFindFile=0x6e7978, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="10.0", cAlternateFileName="")) returned 0 [0024.850] FindClose (in: hFindFile=0x6e7978 | out: hFindFile=0x6e7978) returned 1 [0024.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7aa0 | out: hHeap=0x6d0000) returned 1 [0024.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e79f0 | out: hHeap=0x6d0000) returned 1 [0024.850] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="Color", cAlternateFileName="")) returned 1 [0024.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e7978 [0024.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e79f0 [0024.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e7a68 [0024.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e79f0 | out: hHeap=0x6d0000) returned 1 [0024.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6e79f0 [0024.850] FindNextFileW (in: hFindFile=0x6e79f0, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0024.850] FindNextFileW (in: hFindFile=0x6e79f0, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce719dc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x49c, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="ACECache11.lst", cAlternateFileName="ACECAC~1.LST")) returned 1 [0024.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e8b20 [0024.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e8b98 [0024.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8b20 | out: hHeap=0x6d0000) returned 1 [0024.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0024.851] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x49c, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x49c, lpOverlapped=0x0) returned 1 [0024.852] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.852] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x49c, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x49c, lpOverlapped=0x0) returned 1 [0024.853] CloseHandle (hObject=0x44) returned 1 [0024.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e8c48 [0024.853] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst.adv")) returned 1 [0024.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8c48 | out: hHeap=0x6d0000) returned 1 [0024.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8b98 | out: hHeap=0x6d0000) returned 1 [0024.854] FindNextFileW (in: hFindFile=0x6e79f0, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0024.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e8b20 [0024.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e8b98 [0024.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8b20 | out: hHeap=0x6d0000) returned 1 [0024.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e8c48 [0024.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x5be, cFileName=".", cAlternateFileName="")) returned 0x6e8b20 [0024.854] FindNextFileW (in: hFindFile=0x6e8b20, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x5be, cFileName="..", cAlternateFileName="")) returned 1 [0024.854] FindNextFileW (in: hFindFile=0x6e8b20, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x102a0, dwReserved0=0x0, dwReserved1=0x5be, cFileName="wscRGB.icc", cAlternateFileName="")) returned 1 [0024.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9ce8 [0024.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9d80 [0024.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9ce8 | out: hHeap=0x6d0000) returned 1 [0024.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0024.855] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x102a0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x102a0, lpOverlapped=0x0) returned 1 [0024.857] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.857] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x102a0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x102a0, lpOverlapped=0x0) returned 1 [0024.857] CloseHandle (hObject=0x48) returned 1 [0024.858] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9e60 [0024.858] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc.adv")) returned 1 [0024.858] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e60 | out: hHeap=0x6d0000) returned 1 [0024.858] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d80 | out: hHeap=0x6d0000) returned 1 [0024.858] FindNextFileW (in: hFindFile=0x6e8b20, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x5be, cFileName="wsRGB.icc", cAlternateFileName="")) returned 1 [0024.858] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9ce8 [0024.858] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9d80 [0024.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9ce8 | out: hHeap=0x6d0000) returned 1 [0024.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0024.859] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa74, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa74, lpOverlapped=0x0) returned 1 [0024.860] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.860] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa74, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa74, lpOverlapped=0x0) returned 1 [0024.860] CloseHandle (hObject=0x48) returned 1 [0024.861] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9e60 [0024.861] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc.adv")) returned 1 [0024.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e60 | out: hHeap=0x6d0000) returned 1 [0024.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d80 | out: hHeap=0x6d0000) returned 1 [0024.861] FindNextFileW (in: hFindFile=0x6e8b20, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x5be, cFileName="wsRGB.icc", cAlternateFileName="")) returned 0 [0024.861] FindClose (in: hFindFile=0x6e8b20 | out: hFindFile=0x6e8b20) returned 1 [0024.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8c48 | out: hHeap=0x6d0000) returned 1 [0024.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8b98 | out: hHeap=0x6d0000) returned 1 [0024.861] FindNextFileW (in: hFindFile=0x6e79f0, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="Profiles", cAlternateFileName="")) returned 0 [0024.862] FindClose (in: hFindFile=0x6e79f0 | out: hFindFile=0x6e79f0) returned 1 [0024.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7a68 | out: hHeap=0x6d0000) returned 1 [0024.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7978 | out: hHeap=0x6d0000) returned 1 [0024.862] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="Color", cAlternateFileName="")) returned 0 [0024.862] FindClose (in: hFindFile=0x6e67f8 | out: hFindFile=0x6e67f8) returned 1 [0024.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e68f8 | out: hHeap=0x6d0000) returned 1 [0024.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6860 | out: hHeap=0x6d0000) returned 1 [0024.862] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0024.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e67f8 [0024.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e6860 [0024.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0024.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e68f8 [0024.862] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="Color", cAlternateFileName="")) returned 0xffffffff [0024.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e68f8 | out: hHeap=0x6d0000) returned 1 [0024.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6860 | out: hHeap=0x6d0000) returned 1 [0024.862] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Apps", cAlternateFileName="")) returned 1 [0024.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e67f8 [0024.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e6860 [0024.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0024.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e68f8 [0024.862] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName=".", cAlternateFileName="")) returned 0x6e67f8 [0024.863] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="..", cAlternateFileName="")) returned 1 [0024.863] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="2.0", cAlternateFileName="")) returned 1 [0024.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e7978 [0024.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e79f0 [0024.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName=".", cAlternateFileName="")) returned 0x6e7a68 [0024.863] FindNextFileW (in: hFindFile=0x6e7a68, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName="..", cAlternateFileName="")) returned 1 [0024.863] FindNextFileW (in: hFindFile=0x6e7a68, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName="Data", cAlternateFileName="")) returned 1 [0024.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e8ab0 [0024.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e8b28 [0024.863] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8ab0 | out: hHeap=0x6d0000) returned 1 [0024.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e8bd8 [0024.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName=".", cAlternateFileName="")) returned 0x6e8ab0 [0024.864] FindNextFileW (in: hFindFile=0x6e8ab0, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="..", cAlternateFileName="")) returned 1 [0024.864] FindNextFileW (in: hFindFile=0x6e8ab0, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 1 [0024.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e9c68 [0024.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e9cf0 [0024.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9c68 | out: hHeap=0x6d0000) returned 1 [0024.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9db8 [0024.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9e50 [0024.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0024.864] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName=".", cAlternateFileName="")) returned 0x6e9c68 [0024.864] FindNextFileW (in: hFindFile=0x6e9c68, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="..", cAlternateFileName="")) returned 1 [0024.864] FindNextFileW (in: hFindFile=0x6e9c68, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 1 [0024.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9db8 [0024.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6eaf38 [0024.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0024.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb018 [0024.864] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName=".", cAlternateFileName="")) returned 0x6e9ca8 [0024.865] FindNextFileW (in: hFindFile=0x6e9ca8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="..", cAlternateFileName="")) returned 1 [0024.865] FindNextFileW (in: hFindFile=0x6e9ca8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0024.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ec0d8 [0024.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ec190 [0024.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec0d8 | out: hHeap=0x6d0000) returned 1 [0024.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ec2b8 [0024.865] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a3a0420, cFileName=".", cAlternateFileName="")) returned 0x6e9db8 [0024.866] FindNextFileW (in: hFindFile=0x6e9db8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a3a0420, cFileName="..", cAlternateFileName="")) returned 1 [0024.866] FindNextFileW (in: hFindFile=0x6e9db8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a3a0420, cFileName="Data", cAlternateFileName="")) returned 1 [0024.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ed3e8 [0024.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ed510 [0024.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6ed638 [0024.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed510 | out: hHeap=0x6d0000) returned 1 [0024.866] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a3a0420, cFileName=".", cAlternateFileName="")) returned 0x6e9df8 [0024.866] FindNextFileW (in: hFindFile=0x6e9df8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a3a0420, cFileName="..", cAlternateFileName="")) returned 1 [0024.866] FindNextFileW (in: hFindFile=0x6e9df8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a3a0420, cFileName="..", cAlternateFileName="")) returned 0 [0024.866] FindClose (in: hFindFile=0x6e9df8 | out: hFindFile=0x6e9df8) returned 1 [0024.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0024.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed3e8 | out: hHeap=0x6d0000) returned 1 [0024.866] FindNextFileW (in: hFindFile=0x6e9db8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a3a0420, cFileName="Data", cAlternateFileName="")) returned 0 [0024.866] FindClose (in: hFindFile=0x6e9db8 | out: hFindFile=0x6e9db8) returned 1 [0024.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0024.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec190 | out: hHeap=0x6d0000) returned 1 [0024.867] FindNextFileW (in: hFindFile=0x6e9ca8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 0 [0024.867] FindClose (in: hFindFile=0x6e9ca8 | out: hFindFile=0x6e9ca8) returned 1 [0024.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb018 | out: hHeap=0x6d0000) returned 1 [0024.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf38 | out: hHeap=0x6d0000) returned 1 [0024.867] FindNextFileW (in: hFindFile=0x6e9c68, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 0 [0024.867] FindClose (in: hFindFile=0x6e9c68 | out: hFindFile=0x6e9c68) returned 1 [0024.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e50 | out: hHeap=0x6d0000) returned 1 [0024.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9cf0 | out: hHeap=0x6d0000) returned 1 [0024.867] FindNextFileW (in: hFindFile=0x6e8ab0, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 0 [0024.867] FindClose (in: hFindFile=0x6e8ab0 | out: hFindFile=0x6e8ab0) returned 1 [0024.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8bd8 | out: hHeap=0x6d0000) returned 1 [0024.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8b28 | out: hHeap=0x6d0000) returned 1 [0024.867] FindNextFileW (in: hFindFile=0x6e7a68, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 1 [0024.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e8ab0 [0024.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e8b28 [0024.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8ab0 | out: hHeap=0x6d0000) returned 1 [0024.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e8bd8 [0024.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName=".", cAlternateFileName="")) returned 0x6e8ab0 [0024.867] FindNextFileW (in: hFindFile=0x6e8ab0, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="..", cAlternateFileName="")) returned 1 [0024.867] FindNextFileW (in: hFindFile=0x6e8ab0, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 1 [0024.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9c78 [0024.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9d10 [0024.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9c78 | out: hHeap=0x6d0000) returned 1 [0024.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9df0 [0024.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e9e98 [0024.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9df0 | out: hHeap=0x6d0000) returned 1 [0024.868] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName=".", cAlternateFileName="")) returned 0x6e9c78 [0024.869] FindNextFileW (in: hFindFile=0x6e9c78, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName="..", cAlternateFileName="")) returned 1 [0024.869] FindNextFileW (in: hFindFile=0x6e9c78, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", cAlternateFileName="CLICEX~1.000")) returned 1 [0024.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9df0 [0024.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6eaf98 [0024.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9df0 | out: hHeap=0x6d0000) returned 1 [0024.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6eb0c0 [0024.869] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName=".", cAlternateFileName="")) returned 0x6e9cb8 [0024.871] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="..", cAlternateFileName="")) returned 1 [0024.871] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 1 [0024.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ec1f0 [0024.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6ec318 [0024.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1f0 | out: hHeap=0x6d0000) returned 1 [0024.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.871] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x113f58, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x113f58, lpOverlapped=0x0) returned 1 [0024.901] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.901] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x113f58, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x113f58, lpOverlapped=0x0) returned 1 [0024.905] CloseHandle (hObject=0x50) returned 1 [0024.915] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6ec4d0 [0024.915] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe.adv")) returned 1 [0024.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4d0 | out: hHeap=0x6d0000) returned 1 [0024.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec318 | out: hHeap=0x6d0000) returned 1 [0024.916] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 0 [0024.916] FindClose (in: hFindFile=0x6e9cb8 | out: hFindFile=0x6e9cb8) returned 1 [0024.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0c0 | out: hHeap=0x6d0000) returned 1 [0024.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf98 | out: hHeap=0x6d0000) returned 1 [0024.916] FindNextFileW (in: hFindFile=0x6e9c78, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0024.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9df0 [0024.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6eaf98 [0024.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9df0 | out: hHeap=0x6d0000) returned 1 [0024.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6eb0b0 [0024.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName=".", cAlternateFileName="")) returned 0x6e9cb8 [0024.918] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="..", cAlternateFileName="")) returned 1 [0024.918] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a307ea0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c50, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="clickonce_bootstrap.exe", cAlternateFileName="CLICKO~1.EXE")) returned 1 [0024.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ec1d0 [0024.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ec2e8 [0024.918] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d0 | out: hHeap=0x6d0000) returned 1 [0024.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.919] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c50, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x3c50, lpOverlapped=0x0) returned 1 [0024.920] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.920] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c50, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x3c50, lpOverlapped=0x0) returned 1 [0024.921] CloseHandle (hObject=0x50) returned 1 [0024.921] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6ec488 [0024.921] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.adv")) returned 1 [0024.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec488 | out: hHeap=0x6d0000) returned 1 [0024.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2e8 | out: hHeap=0x6d0000) returned 1 [0024.922] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="clickonce_bootstrap.exe.cdf-ms", cAlternateFileName="")) returned 1 [0024.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ec1d0 [0024.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ec2e8 [0024.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d0 | out: hHeap=0x6d0000) returned 1 [0024.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.922] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x42d0, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x42d0, lpOverlapped=0x0) returned 1 [0024.924] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.924] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x42d0, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x42d0, lpOverlapped=0x0) returned 1 [0024.924] CloseHandle (hObject=0x50) returned 1 [0024.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6ec488 [0024.925] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.adv")) returned 1 [0024.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec488 | out: hHeap=0x6d0000) returned 1 [0024.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2e8 | out: hHeap=0x6d0000) returned 1 [0024.925] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="clickonce_bootstrap.exe.manifest", cAlternateFileName="")) returned 1 [0024.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ec1d0 [0024.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ec2e8 [0024.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d0 | out: hHeap=0x6d0000) returned 1 [0024.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.925] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x354b, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x354b, lpOverlapped=0x0) returned 1 [0024.927] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.927] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x354b, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x354b, lpOverlapped=0x0) returned 1 [0024.927] CloseHandle (hObject=0x50) returned 1 [0024.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6ec488 [0024.928] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.adv")) returned 1 [0024.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec488 | out: hHeap=0x6d0000) returned 1 [0024.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2e8 | out: hHeap=0x6d0000) returned 1 [0024.928] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="clickonce_bootstrap_unsigned.cdf-ms", cAlternateFileName="CLICKO~1.CDF")) returned 1 [0024.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ec1d0 [0024.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ec2e8 [0024.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d0 | out: hHeap=0x6d0000) returned 1 [0024.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.929] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xee0, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xee0, lpOverlapped=0x0) returned 1 [0024.930] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.930] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xee0, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xee0, lpOverlapped=0x0) returned 1 [0024.930] CloseHandle (hObject=0x50) returned 1 [0024.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6ec488 [0024.931] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.adv")) returned 1 [0024.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec488 | out: hHeap=0x6d0000) returned 1 [0024.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2e8 | out: hHeap=0x6d0000) returned 1 [0024.931] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="clickonce_bootstrap_unsigned.manifest", cAlternateFileName="CLICKO~1.MAN")) returned 1 [0024.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ec1d0 [0024.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ec2e8 [0024.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d0 | out: hHeap=0x6d0000) returned 1 [0024.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.932] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x560, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x560, lpOverlapped=0x0) returned 1 [0024.933] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.933] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x560, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x560, lpOverlapped=0x0) returned 1 [0024.934] CloseHandle (hObject=0x50) returned 1 [0024.934] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6ec488 [0024.934] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.adv")) returned 1 [0024.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec488 | out: hHeap=0x6d0000) returned 1 [0024.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2e8 | out: hHeap=0x6d0000) returned 1 [0024.935] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 1 [0024.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ec1d0 [0024.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ec2e8 [0024.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d0 | out: hHeap=0x6d0000) returned 1 [0024.935] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.935] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x113f58, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x113f58, lpOverlapped=0x0) returned 1 [0024.936] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.936] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x113f58, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x113f58, lpOverlapped=0x0) returned 1 [0024.936] CloseHandle (hObject=0x50) returned 1 [0024.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ec488 [0024.942] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe.adv")) returned 1 [0024.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec488 | out: hHeap=0x6d0000) returned 1 [0024.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2e8 | out: hHeap=0x6d0000) returned 1 [0024.942] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 0 [0024.942] FindClose (in: hFindFile=0x6e9cb8 | out: hFindFile=0x6e9cb8) returned 1 [0024.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0b0 | out: hHeap=0x6d0000) returned 1 [0024.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf98 | out: hHeap=0x6d0000) returned 1 [0024.942] FindNextFileW (in: hFindFile=0x6e9c78, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 1 [0024.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9df0 [0024.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaf98 [0024.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9df0 | out: hHeap=0x6d0000) returned 1 [0024.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb090 [0024.943] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName=".", cAlternateFileName="")) returned 0x6e9cb8 [0024.944] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="..", cAlternateFileName="")) returned 1 [0024.944] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", cAlternateFileName="CLICEX~1.CDF")) returned 1 [0024.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec160 [0024.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ec228 [0024.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec160 | out: hHeap=0x6d0000) returned 1 [0024.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.944] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x42d0, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x42d0, lpOverlapped=0x0) returned 1 [0024.944] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.944] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x42d0, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x42d0, lpOverlapped=0x0) returned 1 [0024.945] CloseHandle (hObject=0x50) returned 1 [0024.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ec370 [0024.945] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms.adv")) returned 1 [0024.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec370 | out: hHeap=0x6d0000) returned 1 [0024.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec228 | out: hHeap=0x6d0000) returned 1 [0024.946] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", cAlternateFileName="CLICEX~1.MAN")) returned 1 [0024.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec160 [0024.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ec228 [0024.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec160 | out: hHeap=0x6d0000) returned 1 [0024.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.946] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x354b, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x354b, lpOverlapped=0x0) returned 1 [0024.946] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.946] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x354b, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x354b, lpOverlapped=0x0) returned 1 [0024.946] CloseHandle (hObject=0x50) returned 1 [0024.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6ec370 [0024.947] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest.adv")) returned 1 [0024.948] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec370 | out: hHeap=0x6d0000) returned 1 [0024.948] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec228 | out: hHeap=0x6d0000) returned 1 [0024.948] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x38b0, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", cAlternateFileName="GOOGAP~1.CDF")) returned 1 [0024.948] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec160 [0024.948] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ec228 [0024.948] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec160 | out: hHeap=0x6d0000) returned 1 [0024.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.948] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x38b0, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x38b0, lpOverlapped=0x0) returned 1 [0024.950] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.950] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x38b0, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x38b0, lpOverlapped=0x0) returned 1 [0024.950] CloseHandle (hObject=0x50) returned 1 [0024.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ec370 [0024.951] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.adv")) returned 1 [0024.951] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec370 | out: hHeap=0x6d0000) returned 1 [0024.951] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec228 | out: hHeap=0x6d0000) returned 1 [0024.951] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 1 [0024.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec160 [0024.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ec228 [0024.951] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec160 | out: hHeap=0x6d0000) returned 1 [0024.951] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.951] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2e30, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x2e30, lpOverlapped=0x0) returned 1 [0024.953] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.953] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2e30, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x2e30, lpOverlapped=0x0) returned 1 [0024.953] CloseHandle (hObject=0x50) returned 1 [0024.954] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6ec370 [0024.954] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.adv")) returned 1 [0024.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec370 | out: hHeap=0x6d0000) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec228 | out: hHeap=0x6d0000) returned 1 [0024.955] FindNextFileW (in: hFindFile=0x6e9cb8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x1d2dd9e, dwReserved1=0x6a37a2c0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 0 [0024.955] FindClose (in: hFindFile=0x6e9cb8 | out: hFindFile=0x6e9cb8) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb090 | out: hHeap=0x6d0000) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf98 | out: hHeap=0x6d0000) returned 1 [0024.955] FindNextFileW (in: hFindFile=0x6e9c78, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 0 [0024.955] FindClose (in: hFindFile=0x6e9c78 | out: hFindFile=0x6e9c78) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d10 | out: hHeap=0x6d0000) returned 1 [0024.955] FindNextFileW (in: hFindFile=0x6e8ab0, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65fb9720, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 0 [0024.955] FindClose (in: hFindFile=0x6e8ab0 | out: hFindFile=0x6e8ab0) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8bd8 | out: hHeap=0x6d0000) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8b28 | out: hHeap=0x6d0000) returned 1 [0024.955] FindNextFileW (in: hFindFile=0x6e7a68, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x65f935c0, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 0 [0024.955] FindClose (in: hFindFile=0x6e7a68 | out: hFindFile=0x6e7a68) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e79f0 | out: hHeap=0x6d0000) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7978 | out: hHeap=0x6d0000) returned 1 [0024.955] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="2.0", cAlternateFileName="")) returned 0 [0024.955] FindClose (in: hFindFile=0x6e67f8 | out: hFindFile=0x6e67f8) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e68f8 | out: hHeap=0x6d0000) returned 1 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6860 | out: hHeap=0x6d0000) returned 1 [0024.955] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0024.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e67f8 [0024.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e6860 [0024.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0024.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e68f8 [0024.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e6970 [0024.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e68f8 | out: hHeap=0x6d0000) returned 1 [0024.956] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName=".", cAlternateFileName="")) returned 0x6e67f8 [0024.956] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="..", cAlternateFileName="")) returned 1 [0024.956] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xb264df80, cFileName="..", cAlternateFileName="")) returned 0 [0024.956] FindClose (in: hFindFile=0x6e67f8 | out: hFindFile=0x6e67f8) returned 1 [0024.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6970 | out: hHeap=0x6d0000) returned 1 [0024.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6860 | out: hHeap=0x6d0000) returned 1 [0024.956] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="GDIPFONTCACHEV1.DAT", cAlternateFileName="GDIPFO~1.DAT")) returned 1 [0024.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e67f8 [0024.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e6860 [0024.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0024.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0024.956] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a918, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1a918, lpOverlapped=0x0) returned 1 [0024.965] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.965] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a918, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1a918, lpOverlapped=0x0) returned 1 [0024.965] CloseHandle (hObject=0x3c) returned 1 [0024.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e68f8 [0024.966] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat.adv")) returned 1 [0024.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e68f8 | out: hHeap=0x6d0000) returned 1 [0024.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6860 | out: hHeap=0x6d0000) returned 1 [0024.967] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Google", cAlternateFileName="")) returned 1 [0024.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e67f8 [0024.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e6860 [0024.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0024.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e68f8 [0024.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x122c, cFileName=".", cAlternateFileName="")) returned 0x6e67f8 [0024.967] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x122c, cFileName="..", cAlternateFileName="")) returned 1 [0024.967] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x122c, cFileName="Chrome", cAlternateFileName="")) returned 1 [0024.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e7978 [0024.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e79f0 [0024.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7978 | out: hHeap=0x6d0000) returned 1 [0024.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e7aa0 [0024.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName=".", cAlternateFileName="")) returned 0x6e7978 [0024.967] FindNextFileW (in: hFindFile=0x6e7978, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="..", cAlternateFileName="")) returned 1 [0024.967] FindNextFileW (in: hFindFile=0x6e7978, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 1 [0024.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e8b30 [0024.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e8bb8 [0024.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8b30 | out: hHeap=0x6d0000) returned 1 [0024.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e8c80 [0024.968] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName=".", cAlternateFileName="")) returned 0x6e8b30 [0024.971] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="..", cAlternateFileName="")) returned 1 [0024.971] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="CertificateTransparency", cAlternateFileName="CERTIF~1")) returned 1 [0024.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0024.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0024.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0024.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e9e98 [0024.972] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName=".", cAlternateFileName="")) returned 0x6e8b70 [0024.977] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="..", cAlternateFileName="")) returned 1 [0024.977] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="..", cAlternateFileName="")) returned 0 [0024.977] FindClose (in: hFindFile=0x6e8b70 | out: hFindFile=0x6e8b70) returned 1 [0024.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0024.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0024.977] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="Crashpad", cAlternateFileName="")) returned 1 [0024.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0024.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0024.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0024.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9e98 [0024.977] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName=".", cAlternateFileName="")) returned 0x6e8b70 [0024.978] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="..", cAlternateFileName="")) returned 1 [0024.978] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f5beda0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="metadata", cAlternateFileName="")) returned 1 [0024.978] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0024.978] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0024.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0024.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0024.980] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.980] CloseHandle (hObject=0x4c) returned 1 [0024.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0024.980] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata.adv")) returned 1 [0024.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0024.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0024.980] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="reports", cAlternateFileName="")) returned 1 [0024.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0024.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0024.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0024.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0024.980] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName=".", cAlternateFileName="")) returned 0x6e9d20 [0024.980] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="..", cAlternateFileName="")) returned 1 [0024.981] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="..", cAlternateFileName="")) returned 0 [0024.981] FindClose (in: hFindFile=0x6e9d20 | out: hFindFile=0x6e9d20) returned 1 [0024.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0024.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0024.981] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="settings.dat", cAlternateFileName="")) returned 1 [0024.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0024.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0024.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0024.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0024.981] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x28, lpOverlapped=0x0) returned 1 [0024.982] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.982] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x28, lpOverlapped=0x0) returned 1 [0024.982] CloseHandle (hObject=0x4c) returned 1 [0024.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0024.982] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat.adv")) returned 1 [0024.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0024.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0024.983] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="settings.dat", cAlternateFileName="")) returned 0 [0024.983] FindClose (in: hFindFile=0x6e8b70 | out: hFindFile=0x6e8b70) returned 1 [0024.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0024.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0024.983] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="Default", cAlternateFileName="")) returned 1 [0024.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0024.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0024.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0024.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9e98 [0024.983] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName=".", cAlternateFileName="")) returned 0x6e8b70 [0024.985] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="..", cAlternateFileName="")) returned 1 [0024.986] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Cache", cAlternateFileName="")) returned 1 [0024.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0024.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0024.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0024.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0024.986] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c4887c0, cFileName=".", cAlternateFileName="")) returned 0x6e9d20 [0024.987] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c4887c0, cFileName="..", cAlternateFileName="")) returned 1 [0024.987] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c4887c0, cFileName="data_0", cAlternateFileName="")) returned 1 [0024.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ec1a8 [0024.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec260 [0024.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1a8 | out: hHeap=0x6d0000) returned 1 [0024.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.988] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xb000, lpOverlapped=0x0) returned 1 [0024.990] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0024.990] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xb000, lpOverlapped=0x0) returned 1 [0024.990] CloseHandle (hObject=0x50) returned 1 [0024.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec370 [0024.991] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0.adv")) returned 1 [0024.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec370 | out: hHeap=0x6d0000) returned 1 [0024.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec260 | out: hHeap=0x6d0000) returned 1 [0024.991] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c4887c0, cFileName="data_1", cAlternateFileName="")) returned 1 [0024.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ec1a8 [0024.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec260 [0024.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1a8 | out: hHeap=0x6d0000) returned 1 [0024.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0024.992] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x42000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x42000, lpOverlapped=0x0) returned 1 [0025.009] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.009] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x42000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x42000, lpOverlapped=0x0) returned 1 [0025.010] CloseHandle (hObject=0x50) returned 1 [0025.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec370 [0025.012] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1.adv")) returned 1 [0025.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec370 | out: hHeap=0x6d0000) returned 1 [0025.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec260 | out: hHeap=0x6d0000) returned 1 [0025.012] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c4887c0, cFileName="data_2", cAlternateFileName="")) returned 1 [0025.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ec1a8 [0025.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec260 [0025.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1a8 | out: hHeap=0x6d0000) returned 1 [0025.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.013] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x2000, lpOverlapped=0x0) returned 1 [0025.014] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.014] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x2000, lpOverlapped=0x0) returned 1 [0025.014] CloseHandle (hObject=0x50) returned 1 [0025.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec370 [0025.015] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2.adv")) returned 1 [0025.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec370 | out: hHeap=0x6d0000) returned 1 [0025.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec260 | out: hHeap=0x6d0000) returned 1 [0025.015] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x402000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c4887c0, cFileName="data_3", cAlternateFileName="")) returned 1 [0025.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ec1a8 [0025.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec260 [0025.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1a8 | out: hHeap=0x6d0000) returned 1 [0025.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.016] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x402000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x402000, lpOverlapped=0x0) returned 1 [0025.111] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.111] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x402000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x402000, lpOverlapped=0x0) returned 1 [0025.160] CloseHandle (hObject=0x50) returned 1 [0025.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec370 [0025.293] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3.adv")) returned 1 [0025.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec370 | out: hHeap=0x6d0000) returned 1 [0025.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec260 | out: hHeap=0x6d0000) returned 1 [0025.294] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x1d2dd9e, dwReserved1=0x9c4887c0, cFileName="index", cAlternateFileName="")) returned 1 [0025.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ec1a8 [0025.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.294] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x80170, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x80170, lpOverlapped=0x0) returned 1 [0025.324] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.324] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x80170, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x80170, lpOverlapped=0x0) returned 1 [0025.325] CloseHandle (hObject=0x50) returned 1 [0025.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec260 [0025.328] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index.adv")) returned 1 [0025.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec260 | out: hHeap=0x6d0000) returned 1 [0025.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1a8 | out: hHeap=0x6d0000) returned 1 [0025.329] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x1d2dd9e, dwReserved1=0x9c4887c0, cFileName="index", cAlternateFileName="")) returned 0 [0025.329] FindClose (in: hFindFile=0x6e9d20 | out: hFindFile=0x6e9d20) returned 1 [0025.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0025.329] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d406e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d406e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Cookies", cAlternateFileName="")) returned 1 [0025.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0025.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0025.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0025.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0025.330] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1c00, lpOverlapped=0x0) returned 1 [0025.331] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.331] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c00, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1c00, lpOverlapped=0x0) returned 1 [0025.331] CloseHandle (hObject=0x4c) returned 1 [0025.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0025.332] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies.adv")) returned 1 [0025.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0025.332] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Cookies-journal", cAlternateFileName="COOKIE~1")) returned 1 [0025.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0025.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0025.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0025.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0025.333] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.333] CloseHandle (hObject=0x4c) returned 1 [0025.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0025.333] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal.adv")) returned 1 [0025.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0025.333] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Current Session", cAlternateFileName="CURREN~1")) returned 1 [0025.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0025.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0025.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0025.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0025.334] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d6, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1d6, lpOverlapped=0x0) returned 1 [0025.335] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.335] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d6, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1d6, lpOverlapped=0x0) returned 1 [0025.335] CloseHandle (hObject=0x4c) returned 1 [0025.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0025.335] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session.adv")) returned 1 [0025.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0025.336] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3b6860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3b6860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b8f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x126, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Current Tabs", cAlternateFileName="CURREN~2")) returned 1 [0025.336] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0025.336] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0025.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0025.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0025.336] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x126, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x126, lpOverlapped=0x0) returned 1 [0025.337] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.337] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x126, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x126, lpOverlapped=0x0) returned 1 [0025.337] CloseHandle (hObject=0x4c) returned 1 [0025.338] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0025.338] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs.adv")) returned 1 [0025.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0025.338] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="data_reduction_proxy_leveldb", cAlternateFileName="DATA_R~1")) returned 1 [0025.338] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0025.338] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0025.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0025.338] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6eb0e8 [0025.338] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName=".", cAlternateFileName="")) returned 0x6e9d20 [0025.340] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="..", cAlternateFileName="")) returned 1 [0025.340] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="000003.log", cAlternateFileName="")) returned 1 [0025.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ec1d8 [0025.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6ec2c0 [0025.340] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d8 | out: hHeap=0x6d0000) returned 1 [0025.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.340] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.340] CloseHandle (hObject=0x50) returned 1 [0025.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec418 [0025.341] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log.adv")) returned 1 [0025.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec418 | out: hHeap=0x6d0000) returned 1 [0025.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2c0 | out: hHeap=0x6d0000) returned 1 [0025.341] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x922, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0025.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ec1d8 [0025.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6ec2c0 [0025.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d8 | out: hHeap=0x6d0000) returned 1 [0025.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.344] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0025.345] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.345] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0025.345] CloseHandle (hObject=0x50) returned 1 [0025.346] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec418 [0025.346] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current.adv")) returned 1 [0025.346] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec418 | out: hHeap=0x6d0000) returned 1 [0025.346] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2c0 | out: hHeap=0x6d0000) returned 1 [0025.346] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="LOCK", cAlternateFileName="")) returned 1 [0025.346] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ec1d8 [0025.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.346] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.346] CloseHandle (hObject=0x50) returned 1 [0025.346] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec2c0 [0025.346] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock.adv")) returned 1 [0025.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2c0 | out: hHeap=0x6d0000) returned 1 [0025.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d8 | out: hHeap=0x6d0000) returned 1 [0025.347] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x922, cFileName="LOG", cAlternateFileName="")) returned 1 [0025.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ec1d8 [0025.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.347] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa7, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xa7, lpOverlapped=0x0) returned 1 [0025.348] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.348] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa7, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xa7, lpOverlapped=0x0) returned 1 [0025.348] CloseHandle (hObject=0x50) returned 1 [0025.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec2c0 [0025.349] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log.adv")) returned 1 [0025.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2c0 | out: hHeap=0x6d0000) returned 1 [0025.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d8 | out: hHeap=0x6d0000) returned 1 [0025.349] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x922, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0025.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ec1d8 [0025.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6ec2c0 [0025.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1d8 | out: hHeap=0x6d0000) returned 1 [0025.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.349] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x29, lpOverlapped=0x0) returned 1 [0025.350] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.350] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x29, lpOverlapped=0x0) returned 1 [0025.350] CloseHandle (hObject=0x50) returned 1 [0025.351] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ec418 [0025.351] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001.adv")) returned 1 [0025.351] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec418 | out: hHeap=0x6d0000) returned 1 [0025.351] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2c0 | out: hHeap=0x6d0000) returned 1 [0025.351] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x922, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0025.351] FindClose (in: hFindFile=0x6e9d20 | out: hFindFile=0x6e9d20) returned 1 [0025.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0025.352] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Extension Rules", cAlternateFileName="EXTENS~3")) returned 1 [0025.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0025.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0025.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0025.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0025.352] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName=".", cAlternateFileName="")) returned 0x6e9d20 [0025.353] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="..", cAlternateFileName="")) returned 1 [0025.354] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x922, cFileName="000003.log", cAlternateFileName="")) returned 1 [0025.354] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.354] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0025.354] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.354] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x156, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x156, lpOverlapped=0x0) returned 1 [0025.355] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.355] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x156, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x156, lpOverlapped=0x0) returned 1 [0025.355] CloseHandle (hObject=0x50) returned 1 [0025.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ec3a8 [0025.356] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log.adv")) returned 1 [0025.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0025.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.356] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82adc050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82adc050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x922, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0025.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0025.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.357] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0025.357] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.358] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0025.358] CloseHandle (hObject=0x50) returned 1 [0025.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec3a8 [0025.358] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current.adv")) returned 1 [0025.358] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0025.358] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.358] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ad9940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="LOCK", cAlternateFileName="")) returned 1 [0025.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0025.358] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.359] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.359] CloseHandle (hObject=0x50) returned 1 [0025.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec3a8 [0025.359] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock.adv")) returned 1 [0025.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0025.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.360] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x922, cFileName="LOG", cAlternateFileName="")) returned 1 [0025.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.361] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9a, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x9a, lpOverlapped=0x0) returned 1 [0025.362] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.362] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9a, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x9a, lpOverlapped=0x0) returned 1 [0025.362] CloseHandle (hObject=0x50) returned 1 [0025.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec280 [0025.362] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log.adv")) returned 1 [0025.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.363] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x922, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0025.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0025.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.363] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x29, lpOverlapped=0x0) returned 1 [0025.364] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.364] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x29, lpOverlapped=0x0) returned 1 [0025.364] CloseHandle (hObject=0x50) returned 1 [0025.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ec3a8 [0025.364] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001.adv")) returned 1 [0025.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0025.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.365] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x922, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0025.365] FindClose (in: hFindFile=0x6e9d20 | out: hFindFile=0x6e9d20) returned 1 [0025.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0025.365] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Extension State", cAlternateFileName="EXTENS~2")) returned 1 [0025.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0025.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0025.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0025.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0025.365] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName=".", cAlternateFileName="")) returned 0x6e9d20 [0025.367] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="..", cAlternateFileName="")) returned 1 [0025.367] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad, dwReserved0=0x0, dwReserved1=0x922, cFileName="000003.log", cAlternateFileName="")) returned 1 [0025.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0025.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.368] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ad, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4ad, lpOverlapped=0x0) returned 1 [0025.369] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.369] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ad, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4ad, lpOverlapped=0x0) returned 1 [0025.369] CloseHandle (hObject=0x50) returned 1 [0025.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ec3a8 [0025.370] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log.adv")) returned 1 [0025.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0025.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.370] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824d3190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x922, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0025.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0025.371] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.371] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0025.372] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.372] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0025.372] CloseHandle (hObject=0x50) returned 1 [0025.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec3a8 [0025.372] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current.adv")) returned 1 [0025.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0025.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.372] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="LOCK", cAlternateFileName="")) returned 1 [0025.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0025.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.373] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.373] CloseHandle (hObject=0x50) returned 1 [0025.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec3a8 [0025.373] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock.adv")) returned 1 [0025.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0025.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.373] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x922, cFileName="LOG", cAlternateFileName="")) returned 1 [0025.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.373] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9a, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x9a, lpOverlapped=0x0) returned 1 [0025.374] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.374] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9a, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x9a, lpOverlapped=0x0) returned 1 [0025.374] CloseHandle (hObject=0x50) returned 1 [0025.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec280 [0025.375] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log.adv")) returned 1 [0025.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.375] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x922, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0025.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0025.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0025.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0025.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0025.376] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x29, lpOverlapped=0x0) returned 1 [0025.376] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.376] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x29, lpOverlapped=0x0) returned 1 [0025.377] CloseHandle (hObject=0x50) returned 1 [0025.377] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ec3a8 [0025.377] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001.adv")) returned 1 [0025.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0025.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0025.379] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x922, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0025.379] FindClose (in: hFindFile=0x6e9d20 | out: hFindFile=0x6e9d20) returned 1 [0025.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0025.380] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0025.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0025.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0025.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0025.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0025.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6eb1a0 [0025.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.380] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName=".", cAlternateFileName="")) returned 0x6e9d20 [0025.382] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="..", cAlternateFileName="")) returned 1 [0025.382] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="aapocclcgogkmnckokdopfmhonfmgoek", cAlternateFileName="AAPOCC~1")) returned 1 [0025.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0025.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec2b8 [0025.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0025.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ec4c0 [0025.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0025.382] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6e9d60 [0025.383] FindNextFileW (in: hFindFile=0x6e9d60, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0025.384] FindNextFileW (in: hFindFile=0x6e9d60, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0025.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0025.384] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0025.386] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName="..", cAlternateFileName="")) returned 1 [0025.387] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0025.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.388] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd2c, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xd2c, lpOverlapped=0x0) returned 1 [0025.389] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.389] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd2c, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xd2c, lpOverlapped=0x0) returned 1 [0025.389] CloseHandle (hObject=0x58) returned 1 [0025.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.390] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.adv")) returned 1 [0025.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.390] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0025.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.391] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xa0, lpOverlapped=0x0) returned 1 [0025.392] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.392] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xa0, lpOverlapped=0x0) returned 1 [0025.392] CloseHandle (hObject=0x58) returned 1 [0025.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.392] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.adv")) returned 1 [0025.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.393] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0025.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.394] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5c, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x5c, lpOverlapped=0x0) returned 1 [0025.395] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.395] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x5c, lpOverlapped=0x0) returned 1 [0025.395] CloseHandle (hObject=0x58) returned 1 [0025.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.395] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.adv")) returned 1 [0025.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.396] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName="main.js", cAlternateFileName="")) returned 1 [0025.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.397] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5f, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x5f, lpOverlapped=0x0) returned 1 [0025.398] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.398] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x5f, lpOverlapped=0x0) returned 1 [0025.398] CloseHandle (hObject=0x58) returned 1 [0025.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.398] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.adv")) returned 1 [0025.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.399] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0025.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.399] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x2d5, lpOverlapped=0x0) returned 1 [0025.401] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.401] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x2d5, lpOverlapped=0x0) returned 1 [0025.401] CloseHandle (hObject=0x58) returned 1 [0025.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.401] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.adv")) returned 1 [0025.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.402] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName="_locales", cAlternateFileName="")) returned 1 [0025.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0025.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.402] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0025.404] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="..", cAlternateFileName="")) returned 1 [0025.404] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="ar", cAlternateFileName="")) returned 1 [0025.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.404] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.405] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.405] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.405] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x101, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x101, lpOverlapped=0x0) returned 1 [0025.406] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.406] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x101, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x101, lpOverlapped=0x0) returned 1 [0025.406] CloseHandle (hObject=0x60) returned 1 [0025.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.407] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.adv")) returned 1 [0025.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.407] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.407] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.407] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="bg", cAlternateFileName="")) returned 1 [0025.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.408] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.408] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.408] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.408] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.409] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x110, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x110, lpOverlapped=0x0) returned 1 [0025.410] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.410] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x110, lpOverlapped=0x0) returned 1 [0025.410] CloseHandle (hObject=0x60) returned 1 [0025.411] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.411] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.adv")) returned 1 [0025.411] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.411] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.411] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.411] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.412] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="ca", cAlternateFileName="")) returned 1 [0025.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.412] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.412] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.412] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.412] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.413] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.413] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.413] CloseHandle (hObject=0x60) returned 1 [0025.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.414] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.adv")) returned 1 [0025.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.414] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.414] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.414] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="cs", cAlternateFileName="")) returned 1 [0025.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.415] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.415] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.415] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.415] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.415] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.416] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.417] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.417] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.417] CloseHandle (hObject=0x60) returned 1 [0025.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.418] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.adv")) returned 1 [0025.418] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.418] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.418] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.419] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.419] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="da", cAlternateFileName="")) returned 1 [0025.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.419] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.419] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.419] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.419] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.420] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.420] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.420] CloseHandle (hObject=0x60) returned 1 [0025.421] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.421] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.adv")) returned 1 [0025.421] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.421] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.421] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.421] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.421] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.422] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="de", cAlternateFileName="")) returned 1 [0025.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.422] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.422] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.422] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.423] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xea, lpOverlapped=0x0) returned 1 [0025.424] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.424] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xea, lpOverlapped=0x0) returned 1 [0025.424] CloseHandle (hObject=0x60) returned 1 [0025.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.424] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.adv")) returned 1 [0025.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.425] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.425] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.425] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="el", cAlternateFileName="")) returned 1 [0025.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.425] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.425] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.425] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.426] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x112, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x112, lpOverlapped=0x0) returned 1 [0025.427] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.427] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x112, lpOverlapped=0x0) returned 1 [0025.427] CloseHandle (hObject=0x60) returned 1 [0025.427] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.427] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.adv")) returned 1 [0025.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.428] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.428] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.428] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="en_GB", cAlternateFileName="")) returned 1 [0025.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.428] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.428] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.428] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.429] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd6, lpOverlapped=0x0) returned 1 [0025.430] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.430] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd6, lpOverlapped=0x0) returned 1 [0025.430] CloseHandle (hObject=0x60) returned 1 [0025.431] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.431] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json.adv")) returned 1 [0025.431] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.431] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.431] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.431] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.432] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="en_US", cAlternateFileName="")) returned 1 [0025.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.432] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.432] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.432] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.432] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0025.433] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.433] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0025.433] CloseHandle (hObject=0x60) returned 1 [0025.434] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.434] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json.adv")) returned 1 [0025.434] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.434] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.434] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.434] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.434] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.434] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.434] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="es", cAlternateFileName="")) returned 1 [0025.434] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.435] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.435] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.435] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.436] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdf, lpOverlapped=0x0) returned 1 [0025.437] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.437] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdf, lpOverlapped=0x0) returned 1 [0025.437] CloseHandle (hObject=0x60) returned 1 [0025.437] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.437] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.adv")) returned 1 [0025.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.438] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.438] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.438] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="es_419", cAlternateFileName="")) returned 1 [0025.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.438] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.438] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.438] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.439] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.439] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.440] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.440] CloseHandle (hObject=0x60) returned 1 [0025.440] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.440] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.adv")) returned 1 [0025.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.441] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.441] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.441] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="et", cAlternateFileName="")) returned 1 [0025.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.441] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.442] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.442] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.442] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd6, lpOverlapped=0x0) returned 1 [0025.443] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.443] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd6, lpOverlapped=0x0) returned 1 [0025.443] CloseHandle (hObject=0x60) returned 1 [0025.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.444] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.adv")) returned 1 [0025.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.444] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.444] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.444] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="fi", cAlternateFileName="")) returned 1 [0025.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.445] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.445] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.445] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.445] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0025.446] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.446] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0025.446] CloseHandle (hObject=0x60) returned 1 [0025.447] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.447] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.adv")) returned 1 [0025.447] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.447] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.447] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.447] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.447] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.447] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.447] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="fil", cAlternateFileName="")) returned 1 [0025.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.448] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.448] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.448] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.449] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.449] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.450] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.450] CloseHandle (hObject=0x60) returned 1 [0025.450] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.450] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.adv")) returned 1 [0025.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.451] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.451] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.451] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="fr", cAlternateFileName="")) returned 1 [0025.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.451] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.451] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.451] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.452] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0025.452] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.452] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0025.453] CloseHandle (hObject=0x60) returned 1 [0025.453] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.453] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.adv")) returned 1 [0025.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.454] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.454] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.454] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="he", cAlternateFileName="")) returned 1 [0025.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.454] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.455] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.455] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.455] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.455] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.455] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe1, lpOverlapped=0x0) returned 1 [0025.456] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.456] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe1, lpOverlapped=0x0) returned 1 [0025.456] CloseHandle (hObject=0x60) returned 1 [0025.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.457] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.adv")) returned 1 [0025.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.457] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.457] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.457] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="hi", cAlternateFileName="")) returned 1 [0025.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.457] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.458] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.458] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.458] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.458] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.458] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.458] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x123, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x123, lpOverlapped=0x0) returned 1 [0025.459] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.459] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x123, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x123, lpOverlapped=0x0) returned 1 [0025.459] CloseHandle (hObject=0x60) returned 1 [0025.459] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.460] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.adv")) returned 1 [0025.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.460] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.460] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.460] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="hu", cAlternateFileName="")) returned 1 [0025.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.460] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.482] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.482] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.483] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe6, lpOverlapped=0x0) returned 1 [0025.484] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.484] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe6, lpOverlapped=0x0) returned 1 [0025.484] CloseHandle (hObject=0x60) returned 1 [0025.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.485] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.adv")) returned 1 [0025.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.486] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.486] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.486] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="id", cAlternateFileName="")) returned 1 [0025.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.486] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.486] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.486] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.487] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd0, lpOverlapped=0x0) returned 1 [0025.487] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.487] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd0, lpOverlapped=0x0) returned 1 [0025.488] CloseHandle (hObject=0x60) returned 1 [0025.488] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.488] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.adv")) returned 1 [0025.489] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.489] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.489] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.489] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.489] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.489] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.489] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="it", cAlternateFileName="")) returned 1 [0025.489] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.489] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.489] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.489] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.490] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.490] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.490] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.490] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.490] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.490] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.491] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.491] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.491] CloseHandle (hObject=0x60) returned 1 [0025.492] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.492] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.adv")) returned 1 [0025.492] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.492] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.492] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.492] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.493] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="ja", cAlternateFileName="")) returned 1 [0025.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.493] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.493] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.493] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xec, lpOverlapped=0x0) returned 1 [0025.494] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.494] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xec, lpOverlapped=0x0) returned 1 [0025.494] CloseHandle (hObject=0x60) returned 1 [0025.495] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.495] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.adv")) returned 1 [0025.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.496] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.496] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.496] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="ko", cAlternateFileName="")) returned 1 [0025.496] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.496] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.496] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.497] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.497] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.497] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe6, lpOverlapped=0x0) returned 1 [0025.498] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.498] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe6, lpOverlapped=0x0) returned 1 [0025.498] CloseHandle (hObject=0x60) returned 1 [0025.499] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.499] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.adv")) returned 1 [0025.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.499] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.499] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.499] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="lt", cAlternateFileName="")) returned 1 [0025.499] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.499] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.499] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.500] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.500] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.500] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.500] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.500] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe4, lpOverlapped=0x0) returned 1 [0025.501] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.501] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe4, lpOverlapped=0x0) returned 1 [0025.501] CloseHandle (hObject=0x60) returned 1 [0025.502] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.502] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.adv")) returned 1 [0025.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.502] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.502] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.502] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="lv", cAlternateFileName="")) returned 1 [0025.502] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.502] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.502] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.502] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.503] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.503] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.503] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.504] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe9, lpOverlapped=0x0) returned 1 [0025.505] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.505] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe9, lpOverlapped=0x0) returned 1 [0025.505] CloseHandle (hObject=0x60) returned 1 [0025.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.505] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.adv")) returned 1 [0025.506] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.506] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.506] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.506] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.506] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.506] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.506] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="ms", cAlternateFileName="")) returned 1 [0025.506] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.506] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.506] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.506] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.506] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.506] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.506] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.507] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0025.508] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.508] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0025.508] CloseHandle (hObject=0x60) returned 1 [0025.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.508] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.adv")) returned 1 [0025.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.509] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.509] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.509] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="nl", cAlternateFileName="")) returned 1 [0025.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.510] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.510] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.510] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.511] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.512] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.512] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.512] CloseHandle (hObject=0x60) returned 1 [0025.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.512] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.adv")) returned 1 [0025.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.513] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.513] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.513] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="no", cAlternateFileName="")) returned 1 [0025.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.513] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.513] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.513] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.514] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xcb, lpOverlapped=0x0) returned 1 [0025.515] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.515] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xcb, lpOverlapped=0x0) returned 1 [0025.515] CloseHandle (hObject=0x60) returned 1 [0025.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.515] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.adv")) returned 1 [0025.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.516] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.516] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.516] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="pl", cAlternateFileName="")) returned 1 [0025.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.517] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.517] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.518] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0025.518] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.518] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0025.519] CloseHandle (hObject=0x60) returned 1 [0025.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.519] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.adv")) returned 1 [0025.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.520] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.520] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.520] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0025.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.520] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.520] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.520] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.521] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0025.521] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.522] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0025.522] CloseHandle (hObject=0x60) returned 1 [0025.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.522] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json.adv")) returned 1 [0025.523] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.523] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.523] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.523] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.523] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.523] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.523] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0025.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.523] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.524] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.524] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.524] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.524] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.524] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.524] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.525] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.525] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.525] CloseHandle (hObject=0x60) returned 1 [0025.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.526] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json.adv")) returned 1 [0025.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.527] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.527] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.527] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="ro", cAlternateFileName="")) returned 1 [0025.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.527] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.527] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.527] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0025.528] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.528] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0025.528] CloseHandle (hObject=0x60) returned 1 [0025.529] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.529] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.adv")) returned 1 [0025.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.530] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.530] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.530] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="ru", cAlternateFileName="")) returned 1 [0025.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.531] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.531] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.532] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x110, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x110, lpOverlapped=0x0) returned 1 [0025.533] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.533] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x110, lpOverlapped=0x0) returned 1 [0025.533] CloseHandle (hObject=0x60) returned 1 [0025.534] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.534] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.adv")) returned 1 [0025.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.534] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.534] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.534] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="sk", cAlternateFileName="")) returned 1 [0025.534] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.534] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.534] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.535] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.535] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.535] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.535] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.535] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.535] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.535] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe3, lpOverlapped=0x0) returned 1 [0025.536] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.536] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe3, lpOverlapped=0x0) returned 1 [0025.538] CloseHandle (hObject=0x60) returned 1 [0025.539] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.539] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.adv")) returned 1 [0025.539] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.539] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.539] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.539] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.540] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="sl", cAlternateFileName="")) returned 1 [0025.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.541] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.541] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.541] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdf, lpOverlapped=0x0) returned 1 [0025.542] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.542] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdf, lpOverlapped=0x0) returned 1 [0025.542] CloseHandle (hObject=0x60) returned 1 [0025.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.543] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.adv")) returned 1 [0025.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.543] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.544] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.544] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="sr", cAlternateFileName="")) returned 1 [0025.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.544] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.544] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.544] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0025.545] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.545] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0025.545] CloseHandle (hObject=0x60) returned 1 [0025.546] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.546] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.adv")) returned 1 [0025.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.546] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.546] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.547] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="sv", cAlternateFileName="")) returned 1 [0025.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.548] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.548] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.548] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0025.549] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.549] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0025.549] CloseHandle (hObject=0x60) returned 1 [0025.550] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.550] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.adv")) returned 1 [0025.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.552] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.552] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.552] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="th", cAlternateFileName="")) returned 1 [0025.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.552] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.552] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.552] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.553] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0025.554] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.554] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0025.554] CloseHandle (hObject=0x60) returned 1 [0025.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.554] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.adv")) returned 1 [0025.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.555] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.555] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.555] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="tr", cAlternateFileName="")) returned 1 [0025.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.555] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.556] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.556] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.557] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.557] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.558] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.558] CloseHandle (hObject=0x60) returned 1 [0025.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.558] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.adv")) returned 1 [0025.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.559] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.559] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.559] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="uk", cAlternateFileName="")) returned 1 [0025.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.559] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.559] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.559] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.560] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10e, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x10e, lpOverlapped=0x0) returned 1 [0025.560] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.561] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10e, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x10e, lpOverlapped=0x0) returned 1 [0025.561] CloseHandle (hObject=0x60) returned 1 [0025.561] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.adv")) returned 1 [0025.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.562] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.562] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.562] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="vi", cAlternateFileName="")) returned 1 [0025.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.562] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.563] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.563] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.563] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xed, lpOverlapped=0x0) returned 1 [0025.564] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.564] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xed, lpOverlapped=0x0) returned 1 [0025.564] CloseHandle (hObject=0x60) returned 1 [0025.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.565] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.adv")) returned 1 [0025.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.565] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.565] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.566] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.566] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.566] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0025.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.566] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.566] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.566] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.566] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.566] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.566] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0025.567] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.567] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0025.567] CloseHandle (hObject=0x60) returned 1 [0025.568] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.568] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json.adv")) returned 1 [0025.568] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.568] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.568] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.569] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.569] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0025.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.569] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.569] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="..", cAlternateFileName="")) returned 1 [0025.569] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.569] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd1, lpOverlapped=0x0) returned 1 [0025.570] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.570] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd1, lpOverlapped=0x0) returned 1 [0025.570] CloseHandle (hObject=0x60) returned 1 [0025.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.571] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json.adv")) returned 1 [0025.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.572] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x1d2dd9e, dwReserved1=0x85b4d630, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.572] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0025.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.572] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0025.572] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0025.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0025.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.572] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0025.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0025.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.572] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0025.573] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="..", cAlternateFileName="")) returned 1 [0025.573] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85d166b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0025.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.573] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0025.573] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x160, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x160, lpOverlapped=0x0) returned 1 [0025.574] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.574] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x160, lpOverlapped=0x0) returned 1 [0025.574] CloseHandle (hObject=0x5c) returned 1 [0025.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fa8 [0025.575] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.adv")) returned 1 [0025.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.575] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0025.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0025.576] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b56, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x2b56, lpOverlapped=0x0) returned 1 [0025.723] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.723] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b56, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x2b56, lpOverlapped=0x0) returned 1 [0025.723] CloseHandle (hObject=0x5c) returned 1 [0025.724] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fa8 [0025.724] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.adv")) returned 1 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.725] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x1bd, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0025.725] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.725] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85cf0550, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0025.725] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0025.725] FindNextFileW (in: hFindFile=0x6e9d60, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0025.725] FindClose (in: hFindFile=0x6e9d60 | out: hFindFile=0x6e9d60) returned 1 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4c0 | out: hHeap=0x6d0000) returned 1 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0025.725] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="aohghmighlieiainnegkcijnfilokake", cAlternateFileName="AOHGHM~1")) returned 1 [0025.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0025.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec2b8 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0025.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0025.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ec4c0 [0025.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0025.725] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0025.726] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0025.726] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0025.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0025.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ed638 [0025.726] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0025.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0025.726] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0025.734] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="..", cAlternateFileName="")) returned 1 [0025.734] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8d, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0025.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.735] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc8d, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xc8d, lpOverlapped=0x0) returned 1 [0025.743] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.743] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc8d, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xc8d, lpOverlapped=0x0) returned 1 [0025.744] CloseHandle (hObject=0x58) returned 1 [0025.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.744] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.adv")) returned 1 [0025.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.745] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0025.745] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.745] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.895] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8f, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x8f, lpOverlapped=0x0) returned 1 [0025.896] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.896] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8f, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x8f, lpOverlapped=0x0) returned 1 [0025.896] CloseHandle (hObject=0x58) returned 1 [0025.897] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.897] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.adv")) returned 1 [0025.897] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.897] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.897] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0025.897] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.897] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.897] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.898] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5c, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x5c, lpOverlapped=0x0) returned 1 [0025.899] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.899] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x5c, lpOverlapped=0x0) returned 1 [0025.899] CloseHandle (hObject=0x58) returned 1 [0025.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.899] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.adv")) returned 1 [0025.900] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.900] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.900] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5b, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="main.js", cAlternateFileName="")) returned 1 [0025.900] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.900] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.900] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.900] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5b, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x5b, lpOverlapped=0x0) returned 1 [0025.901] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.901] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x5b, lpOverlapped=0x0) returned 1 [0025.901] CloseHandle (hObject=0x58) returned 1 [0025.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.902] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.adv")) returned 1 [0025.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.902] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0025.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0025.903] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x2d5, lpOverlapped=0x0) returned 1 [0025.904] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.904] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x2d5, lpOverlapped=0x0) returned 1 [0025.904] CloseHandle (hObject=0x58) returned 1 [0025.905] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0025.905] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.adv")) returned 1 [0025.905] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0025.906] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="_locales", cAlternateFileName="")) returned 1 [0025.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0025.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0025.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0025.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0025.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0025.908] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="..", cAlternateFileName="")) returned 1 [0025.908] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ar", cAlternateFileName="")) returned 1 [0025.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.908] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.908] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.908] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.909] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf6, lpOverlapped=0x0) returned 1 [0025.910] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.910] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf6, lpOverlapped=0x0) returned 1 [0025.910] CloseHandle (hObject=0x60) returned 1 [0025.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.910] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.adv")) returned 1 [0025.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.911] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.911] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.911] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="bg", cAlternateFileName="")) returned 1 [0025.911] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.911] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.911] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.911] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.912] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.912] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.913] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0025.914] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.914] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0025.914] CloseHandle (hObject=0x60) returned 1 [0025.915] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.915] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.adv")) returned 1 [0025.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.915] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.915] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.916] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ca", cAlternateFileName="")) returned 1 [0025.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.916] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.916] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.916] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xcf, lpOverlapped=0x0) returned 1 [0025.917] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.917] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xcf, lpOverlapped=0x0) returned 1 [0025.917] CloseHandle (hObject=0x60) returned 1 [0025.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.918] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.adv")) returned 1 [0025.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.919] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.919] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.919] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="cs", cAlternateFileName="")) returned 1 [0025.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.919] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.919] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.919] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.920] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0025.921] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.921] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0025.921] CloseHandle (hObject=0x60) returned 1 [0025.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.922] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.adv")) returned 1 [0025.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.922] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.922] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.922] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="da", cAlternateFileName="")) returned 1 [0025.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.923] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.923] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.923] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0025.924] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.924] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0025.924] CloseHandle (hObject=0x60) returned 1 [0025.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.925] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.adv")) returned 1 [0025.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.925] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.925] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.926] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="de", cAlternateFileName="")) returned 1 [0025.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.926] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.926] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.926] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.929] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0025.930] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.930] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0025.930] CloseHandle (hObject=0x60) returned 1 [0025.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.931] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.adv")) returned 1 [0025.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.932] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.932] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.932] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="el", cAlternateFileName="")) returned 1 [0025.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.932] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.932] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.932] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.932] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0025.933] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.933] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0025.933] CloseHandle (hObject=0x60) returned 1 [0025.934] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.934] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.adv")) returned 1 [0025.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.935] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.935] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.935] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="en_GB", cAlternateFileName="")) returned 1 [0025.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.935] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.935] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.935] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.935] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.936] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd0, lpOverlapped=0x0) returned 1 [0025.937] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.937] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd0, lpOverlapped=0x0) returned 1 [0025.937] CloseHandle (hObject=0x60) returned 1 [0025.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.938] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json.adv")) returned 1 [0025.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.939] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.939] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.939] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="en_US", cAlternateFileName="")) returned 1 [0025.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.939] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.939] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.939] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.940] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd1, lpOverlapped=0x0) returned 1 [0025.941] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.941] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd1, lpOverlapped=0x0) returned 1 [0025.941] CloseHandle (hObject=0x60) returned 1 [0025.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.942] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json.adv")) returned 1 [0025.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.942] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.942] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.942] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="es", cAlternateFileName="")) returned 1 [0025.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.943] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.943] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.943] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.943] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0025.944] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.944] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0025.944] CloseHandle (hObject=0x60) returned 1 [0025.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.945] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.adv")) returned 1 [0025.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.946] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.946] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.946] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="es_419", cAlternateFileName="")) returned 1 [0025.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.947] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.947] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.947] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.948] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0025.949] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.949] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0025.949] CloseHandle (hObject=0x60) returned 1 [0025.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.949] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.adv")) returned 1 [0025.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.950] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.950] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.950] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="et", cAlternateFileName="")) returned 1 [0025.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.950] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.950] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.950] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.950] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0025.951] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.951] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0025.951] CloseHandle (hObject=0x60) returned 1 [0025.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.952] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.adv")) returned 1 [0025.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.953] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.953] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.953] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="fi", cAlternateFileName="")) returned 1 [0025.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.953] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.953] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.953] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.954] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0025.955] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.955] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0025.955] CloseHandle (hObject=0x60) returned 1 [0025.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.956] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.adv")) returned 1 [0025.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.956] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.956] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.956] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="fil", cAlternateFileName="")) returned 1 [0025.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.957] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.957] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.957] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.957] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdb, lpOverlapped=0x0) returned 1 [0025.958] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.958] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdb, lpOverlapped=0x0) returned 1 [0025.958] CloseHandle (hObject=0x60) returned 1 [0025.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.959] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.adv")) returned 1 [0025.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.959] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.959] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.959] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="fr", cAlternateFileName="")) returned 1 [0025.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.960] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.960] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.960] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.961] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0025.962] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.962] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0025.962] CloseHandle (hObject=0x60) returned 1 [0025.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.962] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.adv")) returned 1 [0025.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.963] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.963] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="he", cAlternateFileName="")) returned 1 [0025.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.964] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.965] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.965] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.965] CloseHandle (hObject=0x60) returned 1 [0025.965] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.965] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.adv")) returned 1 [0025.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.966] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.966] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.966] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="hi", cAlternateFileName="")) returned 1 [0025.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.966] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.966] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.966] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.967] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x117, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x117, lpOverlapped=0x0) returned 1 [0025.968] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.968] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x117, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x117, lpOverlapped=0x0) returned 1 [0025.968] CloseHandle (hObject=0x60) returned 1 [0025.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.969] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.adv")) returned 1 [0025.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.969] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.970] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.970] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="hu", cAlternateFileName="")) returned 1 [0025.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.970] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.970] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.970] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.970] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xeb, lpOverlapped=0x0) returned 1 [0025.971] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.971] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xeb, lpOverlapped=0x0) returned 1 [0025.971] CloseHandle (hObject=0x60) returned 1 [0025.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.972] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.adv")) returned 1 [0025.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.972] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.972] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.972] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="id", cAlternateFileName="")) returned 1 [0025.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.973] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.973] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.973] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.974] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd1, lpOverlapped=0x0) returned 1 [0025.975] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.975] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd1, lpOverlapped=0x0) returned 1 [0025.975] CloseHandle (hObject=0x60) returned 1 [0025.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.976] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.adv")) returned 1 [0025.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.976] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.976] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.976] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="it", cAlternateFileName="")) returned 1 [0025.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.976] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.977] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.977] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.978] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0025.978] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.979] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0025.979] CloseHandle (hObject=0x60) returned 1 [0025.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.979] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.adv")) returned 1 [0025.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.980] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.980] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.980] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ja", cAlternateFileName="")) returned 1 [0025.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.980] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.980] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.980] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.981] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.982] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.982] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0025.982] CloseHandle (hObject=0x60) returned 1 [0025.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.983] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.adv")) returned 1 [0025.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.983] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.983] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.984] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.984] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.984] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ko", cAlternateFileName="")) returned 1 [0025.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.984] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.984] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.984] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.984] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.984] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.984] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xda, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xda, lpOverlapped=0x0) returned 1 [0025.985] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.985] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xda, lpOverlapped=0x0) returned 1 [0025.985] CloseHandle (hObject=0x60) returned 1 [0025.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.986] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.adv")) returned 1 [0025.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.986] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.986] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.987] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="lt", cAlternateFileName="")) returned 1 [0025.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.987] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.987] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.987] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.988] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe4, lpOverlapped=0x0) returned 1 [0025.989] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.989] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe4, lpOverlapped=0x0) returned 1 [0025.989] CloseHandle (hObject=0x60) returned 1 [0025.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.990] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.adv")) returned 1 [0025.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.990] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.990] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.990] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="lv", cAlternateFileName="")) returned 1 [0025.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.991] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.991] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.991] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.992] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.992] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0025.992] CloseHandle (hObject=0x60) returned 1 [0025.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.992] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.adv")) returned 1 [0025.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.993] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.993] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.993] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ms", cAlternateFileName="")) returned 1 [0025.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.993] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.993] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.994] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.994] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xcf, lpOverlapped=0x0) returned 1 [0025.995] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.995] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xcf, lpOverlapped=0x0) returned 1 [0025.995] CloseHandle (hObject=0x60) returned 1 [0025.996] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.996] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.adv")) returned 1 [0025.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0025.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0025.997] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0025.997] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0025.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0025.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0025.997] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="nl", cAlternateFileName="")) returned 1 [0025.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0025.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0025.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0025.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0025.997] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0025.997] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0025.997] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0025.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0025.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0025.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0025.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0025.997] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0025.998] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0025.998] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0025.998] CloseHandle (hObject=0x60) returned 1 [0025.999] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0025.999] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.adv")) returned 1 [0026.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.000] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.000] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.000] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="no", cAlternateFileName="")) returned 1 [0026.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.000] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.000] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.000] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.001] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc3, lpOverlapped=0x0) returned 1 [0026.002] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.002] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc3, lpOverlapped=0x0) returned 1 [0026.002] CloseHandle (hObject=0x60) returned 1 [0026.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.003] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.adv")) returned 1 [0026.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.003] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.004] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.004] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="pl", cAlternateFileName="")) returned 1 [0026.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.004] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.004] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.004] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.005] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.005] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.005] CloseHandle (hObject=0x60) returned 1 [0026.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.006] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.adv")) returned 1 [0026.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.009] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.009] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.009] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0026.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.009] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.009] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.009] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.010] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0026.011] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.011] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0026.011] CloseHandle (hObject=0x60) returned 1 [0026.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.012] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json.adv")) returned 1 [0026.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.013] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.013] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.013] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0026.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.013] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.013] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.013] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.013] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd0, lpOverlapped=0x0) returned 1 [0026.014] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.014] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd0, lpOverlapped=0x0) returned 1 [0026.014] CloseHandle (hObject=0x60) returned 1 [0026.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.015] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json.adv")) returned 1 [0026.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.016] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.016] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.016] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ro", cAlternateFileName="")) returned 1 [0026.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.016] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.016] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.016] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.017] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.018] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.018] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.018] CloseHandle (hObject=0x60) returned 1 [0026.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.019] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.adv")) returned 1 [0026.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.019] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.019] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.020] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ru", cAlternateFileName="")) returned 1 [0026.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.020] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.020] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.020] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.020] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x10a, lpOverlapped=0x0) returned 1 [0026.021] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.021] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x10a, lpOverlapped=0x0) returned 1 [0026.021] CloseHandle (hObject=0x60) returned 1 [0026.022] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.022] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.adv")) returned 1 [0026.022] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.023] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.023] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.023] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sk", cAlternateFileName="")) returned 1 [0026.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.023] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.023] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.023] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.024] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0026.025] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.025] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0026.025] CloseHandle (hObject=0x60) returned 1 [0026.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.026] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.adv")) returned 1 [0026.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.026] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.026] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.026] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sl", cAlternateFileName="")) returned 1 [0026.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.027] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.027] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.027] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.027] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.027] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.027] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xda, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xda, lpOverlapped=0x0) returned 1 [0026.028] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.028] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xda, lpOverlapped=0x0) returned 1 [0026.028] CloseHandle (hObject=0x60) returned 1 [0026.029] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.adv")) returned 1 [0026.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.029] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.030] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.030] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sr", cAlternateFileName="")) returned 1 [0026.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.030] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.030] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.030] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.031] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf8, lpOverlapped=0x0) returned 1 [0026.032] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.032] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf8, lpOverlapped=0x0) returned 1 [0026.032] CloseHandle (hObject=0x60) returned 1 [0026.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.033] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.adv")) returned 1 [0026.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.033] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.033] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.033] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sv", cAlternateFileName="")) returned 1 [0026.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.033] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.034] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.034] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.034] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd6, lpOverlapped=0x0) returned 1 [0026.035] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.035] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd6, lpOverlapped=0x0) returned 1 [0026.035] CloseHandle (hObject=0x60) returned 1 [0026.036] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.036] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.adv")) returned 1 [0026.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.036] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.037] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.037] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="th", cAlternateFileName="")) returned 1 [0026.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.037] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.037] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.037] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.038] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.039] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.039] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.039] CloseHandle (hObject=0x60) returned 1 [0026.040] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.040] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.adv")) returned 1 [0026.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.041] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.041] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.041] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="tr", cAlternateFileName="")) returned 1 [0026.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.041] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.041] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.041] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.042] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe3, lpOverlapped=0x0) returned 1 [0026.042] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.042] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe3, lpOverlapped=0x0) returned 1 [0026.043] CloseHandle (hObject=0x60) returned 1 [0026.043] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.043] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.adv")) returned 1 [0026.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.044] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.044] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.044] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="uk", cAlternateFileName="")) returned 1 [0026.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.044] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.044] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.044] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.045] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0026.046] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.046] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0026.046] CloseHandle (hObject=0x60) returned 1 [0026.047] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.047] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.adv")) returned 1 [0026.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.048] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.048] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.048] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="vi", cAlternateFileName="")) returned 1 [0026.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.048] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.048] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.048] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.049] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe1, lpOverlapped=0x0) returned 1 [0026.049] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.049] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe1, lpOverlapped=0x0) returned 1 [0026.050] CloseHandle (hObject=0x60) returned 1 [0026.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.050] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.adv")) returned 1 [0026.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.051] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.051] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.052] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0026.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.052] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.052] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.052] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.052] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.052] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0026.053] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.053] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0026.053] CloseHandle (hObject=0x60) returned 1 [0026.054] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.054] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json.adv")) returned 1 [0026.054] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.055] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.055] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.055] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0026.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.055] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.055] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="..", cAlternateFileName="")) returned 1 [0026.055] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.056] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0026.056] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.057] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xce, lpOverlapped=0x0) returned 1 [0026.057] CloseHandle (hObject=0x60) returned 1 [0026.057] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.057] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json.adv")) returned 1 [0026.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.058] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dd9e, dwReserved1=0x86702750, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.058] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.058] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0026.058] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0026.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.058] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0026.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0026.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.058] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.059] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="..", cAlternateFileName="")) returned 1 [0026.059] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0026.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.060] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x160, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x160, lpOverlapped=0x0) returned 1 [0026.060] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.060] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x160, lpOverlapped=0x0) returned 1 [0026.061] CloseHandle (hObject=0x5c) returned 1 [0026.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fa8 [0026.061] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.adv")) returned 1 [0026.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.062] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0026.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.062] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b56, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x2b56, lpOverlapped=0x0) returned 1 [0026.064] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.064] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b56, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x2b56, lpOverlapped=0x0) returned 1 [0026.064] CloseHandle (hObject=0x5c) returned 1 [0026.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fa8 [0026.065] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.adv")) returned 1 [0026.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.065] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0026.065] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0026.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.065] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0026.065] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0026.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0026.065] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0026.065] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0026.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4c0 | out: hHeap=0x6d0000) returned 1 [0026.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0026.066] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="apdfllckaahabafndbhieahigkjlhalf", cAlternateFileName="APDFLL~1")) returned 1 [0026.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0026.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec2b8 [0026.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0026.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ec4c0 [0026.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.066] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0026.066] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0026.066] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="14.1_0", cAlternateFileName="")) returned 1 [0026.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ed638 [0026.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ee8b0 [0026.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.066] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0026.069] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="..", cAlternateFileName="")) returned 1 [0026.069] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a33, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="128.png", cAlternateFileName="")) returned 1 [0026.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6efa40 [0026.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.070] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a33, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x1a33, lpOverlapped=0x0) returned 1 [0026.072] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.072] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a33, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x1a33, lpOverlapped=0x0) returned 1 [0026.072] CloseHandle (hObject=0x58) returned 1 [0026.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efbc8 [0026.073] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.adv")) returned 1 [0026.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa40 | out: hHeap=0x6d0000) returned 1 [0026.073] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8716c790, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ec, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0026.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6efa40 [0026.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.073] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3ec, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x3ec, lpOverlapped=0x0) returned 1 [0026.075] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.075] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3ec, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x3ec, lpOverlapped=0x0) returned 1 [0026.075] CloseHandle (hObject=0x58) returned 1 [0026.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efbc8 [0026.076] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.adv")) returned 1 [0026.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa40 | out: hHeap=0x6d0000) returned 1 [0026.077] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="_locales", cAlternateFileName="")) returned 1 [0026.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6efa40 [0026.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efce0 [0026.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.077] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.078] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="..", cAlternateFileName="")) returned 1 [0026.078] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="ar", cAlternateFileName="")) returned 1 [0026.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.078] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.079] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.079] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.081] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x116, lpOverlapped=0x0) returned 1 [0026.082] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.082] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x116, lpOverlapped=0x0) returned 1 [0026.082] CloseHandle (hObject=0x60) returned 1 [0026.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.082] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.adv")) returned 1 [0026.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.083] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.083] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.083] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="bg", cAlternateFileName="")) returned 1 [0026.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.083] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.084] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.084] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.084] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x13f, lpOverlapped=0x0) returned 1 [0026.085] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.085] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x13f, lpOverlapped=0x0) returned 1 [0026.085] CloseHandle (hObject=0x60) returned 1 [0026.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.086] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.adv")) returned 1 [0026.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.087] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.087] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.087] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="ca", cAlternateFileName="")) returned 1 [0026.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.087] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.087] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.087] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.089] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x109, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x109, lpOverlapped=0x0) returned 1 [0026.090] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.090] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x109, lpOverlapped=0x0) returned 1 [0026.091] CloseHandle (hObject=0x60) returned 1 [0026.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.091] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.adv")) returned 1 [0026.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.092] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.092] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.092] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="cs", cAlternateFileName="")) returned 1 [0026.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.092] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.092] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.092] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.093] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x103, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x103, lpOverlapped=0x0) returned 1 [0026.093] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.093] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x103, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x103, lpOverlapped=0x0) returned 1 [0026.094] CloseHandle (hObject=0x60) returned 1 [0026.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.094] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.adv")) returned 1 [0026.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.095] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.095] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.095] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="da", cAlternateFileName="")) returned 1 [0026.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.095] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.095] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.095] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.096] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf3, lpOverlapped=0x0) returned 1 [0026.097] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.097] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf3, lpOverlapped=0x0) returned 1 [0026.097] CloseHandle (hObject=0x60) returned 1 [0026.098] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.098] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.adv")) returned 1 [0026.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.098] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.098] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.098] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="de", cAlternateFileName="")) returned 1 [0026.098] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.099] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.099] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.099] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.099] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x100, lpOverlapped=0x0) returned 1 [0026.100] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.100] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x100, lpOverlapped=0x0) returned 1 [0026.100] CloseHandle (hObject=0x60) returned 1 [0026.101] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.101] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.adv")) returned 1 [0026.101] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.101] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.101] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.101] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.102] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="el", cAlternateFileName="")) returned 1 [0026.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.102] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.102] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x149, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.103] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x149, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x149, lpOverlapped=0x0) returned 1 [0026.104] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.104] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x149, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x149, lpOverlapped=0x0) returned 1 [0026.104] CloseHandle (hObject=0x60) returned 1 [0026.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.105] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.adv")) returned 1 [0026.105] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.105] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.105] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x149, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.105] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.105] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.105] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.105] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="en_GB", cAlternateFileName="")) returned 1 [0026.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.105] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.105] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.106] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.106] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.106] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.106] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.106] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.106] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf9, lpOverlapped=0x0) returned 1 [0026.107] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.107] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf9, lpOverlapped=0x0) returned 1 [0026.107] CloseHandle (hObject=0x60) returned 1 [0026.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.108] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json.adv")) returned 1 [0026.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.108] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.108] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.108] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="en_US", cAlternateFileName="")) returned 1 [0026.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.109] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.109] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.109] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.110] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf9, lpOverlapped=0x0) returned 1 [0026.111] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.111] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf9, lpOverlapped=0x0) returned 1 [0026.111] CloseHandle (hObject=0x60) returned 1 [0026.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.111] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json.adv")) returned 1 [0026.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.112] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.112] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.112] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="es", cAlternateFileName="")) returned 1 [0026.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.112] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.112] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.112] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.113] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x103, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x103, lpOverlapped=0x0) returned 1 [0026.114] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.114] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x103, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x103, lpOverlapped=0x0) returned 1 [0026.114] CloseHandle (hObject=0x60) returned 1 [0026.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.114] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.adv")) returned 1 [0026.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.115] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.115] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.115] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="es_419", cAlternateFileName="")) returned 1 [0026.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f1150 [0026.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.115] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.116] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.116] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2310 [0026.116] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.117] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x103, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x103, lpOverlapped=0x0) returned 1 [0026.117] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.117] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x103, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x103, lpOverlapped=0x0) returned 1 [0026.118] CloseHandle (hObject=0x60) returned 1 [0026.118] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f24c8 [0026.118] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.adv")) returned 1 [0026.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f24c8 | out: hHeap=0x6d0000) returned 1 [0026.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2310 | out: hHeap=0x6d0000) returned 1 [0026.118] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.118] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.119] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1150 | out: hHeap=0x6d0000) returned 1 [0026.119] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.119] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="et", cAlternateFileName="")) returned 1 [0026.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.119] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.119] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.119] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.119] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.119] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.119] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfb, lpOverlapped=0x0) returned 1 [0026.120] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.120] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfb, lpOverlapped=0x0) returned 1 [0026.120] CloseHandle (hObject=0x60) returned 1 [0026.121] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.121] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.adv")) returned 1 [0026.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.122] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.122] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.122] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="eu", cAlternateFileName="")) returned 1 [0026.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.122] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.122] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.122] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.124] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf3, lpOverlapped=0x0) returned 1 [0026.125] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.125] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf3, lpOverlapped=0x0) returned 1 [0026.125] CloseHandle (hObject=0x60) returned 1 [0026.126] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.126] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.adv")) returned 1 [0026.126] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.127] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.127] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.127] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="fi", cAlternateFileName="")) returned 1 [0026.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.127] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.127] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.127] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.127] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x101, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x101, lpOverlapped=0x0) returned 1 [0026.128] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.128] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x101, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x101, lpOverlapped=0x0) returned 1 [0026.128] CloseHandle (hObject=0x60) returned 1 [0026.129] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.129] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.adv")) returned 1 [0026.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.130] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.130] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.130] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="fil", cAlternateFileName="")) returned 1 [0026.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.130] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.130] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.130] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.131] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0026.132] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.132] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0026.132] CloseHandle (hObject=0x60) returned 1 [0026.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.133] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.adv")) returned 1 [0026.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.134] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.134] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.134] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="fr", cAlternateFileName="")) returned 1 [0026.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.134] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.134] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.134] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.135] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfc, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfc, lpOverlapped=0x0) returned 1 [0026.135] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.136] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfc, lpOverlapped=0x0) returned 1 [0026.136] CloseHandle (hObject=0x60) returned 1 [0026.136] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.136] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.adv")) returned 1 [0026.137] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.137] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.137] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.137] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.137] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.137] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.137] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="he", cAlternateFileName="")) returned 1 [0026.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.137] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.137] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.137] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.137] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.139] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x116, lpOverlapped=0x0) returned 1 [0026.140] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.140] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x116, lpOverlapped=0x0) returned 1 [0026.140] CloseHandle (hObject=0x60) returned 1 [0026.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.141] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.adv")) returned 1 [0026.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.141] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.141] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.141] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="hi", cAlternateFileName="")) returned 1 [0026.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.141] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.142] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.142] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x159, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.142] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.142] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.142] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.142] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x159, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x159, lpOverlapped=0x0) returned 1 [0026.143] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.143] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x159, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x159, lpOverlapped=0x0) returned 1 [0026.143] CloseHandle (hObject=0x60) returned 1 [0026.144] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.144] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.adv")) returned 1 [0026.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.144] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x159, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.144] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.144] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="hr", cAlternateFileName="")) returned 1 [0026.144] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.145] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.145] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x107, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.146] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x107, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x107, lpOverlapped=0x0) returned 1 [0026.147] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.147] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x107, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x107, lpOverlapped=0x0) returned 1 [0026.147] CloseHandle (hObject=0x60) returned 1 [0026.147] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.148] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.adv")) returned 1 [0026.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.148] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x107, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.148] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.148] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="hu", cAlternateFileName="")) returned 1 [0026.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.149] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.149] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.149] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.149] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0026.150] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.150] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0026.150] CloseHandle (hObject=0x60) returned 1 [0026.151] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.151] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.adv")) returned 1 [0026.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.151] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.151] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.152] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="id", cAlternateFileName="")) returned 1 [0026.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.152] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.152] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.152] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x105, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.153] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x105, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x105, lpOverlapped=0x0) returned 1 [0026.154] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.154] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x105, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x105, lpOverlapped=0x0) returned 1 [0026.154] CloseHandle (hObject=0x60) returned 1 [0026.154] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.155] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.adv")) returned 1 [0026.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.155] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x105, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.155] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.155] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="it", cAlternateFileName="")) returned 1 [0026.155] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.155] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.155] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.155] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.156] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.156] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.156] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x102, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x102, lpOverlapped=0x0) returned 1 [0026.157] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.157] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x102, lpOverlapped=0x0) returned 1 [0026.157] CloseHandle (hObject=0x60) returned 1 [0026.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.158] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.adv")) returned 1 [0026.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.158] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.158] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.159] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="ja", cAlternateFileName="")) returned 1 [0026.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.159] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.159] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.159] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.160] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x125, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x125, lpOverlapped=0x0) returned 1 [0026.161] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.161] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x125, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x125, lpOverlapped=0x0) returned 1 [0026.161] CloseHandle (hObject=0x60) returned 1 [0026.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.162] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.adv")) returned 1 [0026.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.165] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.165] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.165] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="ko", cAlternateFileName="")) returned 1 [0026.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.165] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.165] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.165] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x119, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x119, lpOverlapped=0x0) returned 1 [0026.167] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.167] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x119, lpOverlapped=0x0) returned 1 [0026.167] CloseHandle (hObject=0x60) returned 1 [0026.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.167] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.adv")) returned 1 [0026.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.168] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.168] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.168] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="lt", cAlternateFileName="")) returned 1 [0026.168] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.168] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.168] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.168] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.168] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.169] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11d, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.169] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11d, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x11d, lpOverlapped=0x0) returned 1 [0026.170] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.170] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11d, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x11d, lpOverlapped=0x0) returned 1 [0026.170] CloseHandle (hObject=0x60) returned 1 [0026.171] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.171] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.adv")) returned 1 [0026.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.172] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11d, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.172] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.172] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="lv", cAlternateFileName="")) returned 1 [0026.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.172] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.172] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.172] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.173] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x102, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x102, lpOverlapped=0x0) returned 1 [0026.173] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.173] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x102, lpOverlapped=0x0) returned 1 [0026.174] CloseHandle (hObject=0x60) returned 1 [0026.174] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.174] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.adv")) returned 1 [0026.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.175] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.175] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.175] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="ms", cAlternateFileName="")) returned 1 [0026.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.175] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.175] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.176] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.176] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.176] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.177] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.177] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.177] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.178] CloseHandle (hObject=0x60) returned 1 [0026.178] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.178] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.adv")) returned 1 [0026.179] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.179] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.179] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.179] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.179] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.179] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.179] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="nl", cAlternateFileName="")) returned 1 [0026.179] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.179] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.179] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.179] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.179] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.179] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.190] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.190] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.190] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.191] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf2, lpOverlapped=0x0) returned 1 [0026.191] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.192] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf2, lpOverlapped=0x0) returned 1 [0026.192] CloseHandle (hObject=0x60) returned 1 [0026.192] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.192] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.adv")) returned 1 [0026.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.193] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.193] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.193] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="no", cAlternateFileName="")) returned 1 [0026.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.193] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.193] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.193] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.272] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xda, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xda, lpOverlapped=0x0) returned 1 [0026.273] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.273] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xda, lpOverlapped=0x0) returned 1 [0026.273] CloseHandle (hObject=0x60) returned 1 [0026.274] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.adv")) returned 1 [0026.275] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.275] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.275] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.275] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.275] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.275] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.275] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="pl", cAlternateFileName="")) returned 1 [0026.275] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.275] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.275] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.276] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.276] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.276] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x101, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x101, lpOverlapped=0x0) returned 1 [0026.277] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.277] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x101, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x101, lpOverlapped=0x0) returned 1 [0026.277] CloseHandle (hObject=0x60) returned 1 [0026.277] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.278] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.adv")) returned 1 [0026.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.278] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.278] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.278] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0026.278] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.278] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.278] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.279] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.279] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.279] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.279] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.279] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.280] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf6, lpOverlapped=0x0) returned 1 [0026.280] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.280] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf6, lpOverlapped=0x0) returned 1 [0026.281] CloseHandle (hObject=0x60) returned 1 [0026.281] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.281] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json.adv")) returned 1 [0026.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.282] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.282] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.282] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0026.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.282] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.282] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.283] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.283] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0026.284] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.284] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0026.284] CloseHandle (hObject=0x60) returned 1 [0026.284] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.284] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json.adv")) returned 1 [0026.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.285] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.285] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.285] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="ro", cAlternateFileName="")) returned 1 [0026.285] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.285] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.285] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.285] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.286] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.286] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.286] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.286] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.286] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.287] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x119, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x119, lpOverlapped=0x0) returned 1 [0026.287] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.287] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x119, lpOverlapped=0x0) returned 1 [0026.288] CloseHandle (hObject=0x60) returned 1 [0026.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.288] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.adv")) returned 1 [0026.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.289] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.289] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.289] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="ru", cAlternateFileName="")) returned 1 [0026.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.289] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.290] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.290] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x152, lpOverlapped=0x0) returned 1 [0026.291] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.291] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x152, lpOverlapped=0x0) returned 1 [0026.291] CloseHandle (hObject=0x60) returned 1 [0026.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.292] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.adv")) returned 1 [0026.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.292] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.292] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.293] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="sk", cAlternateFileName="")) returned 1 [0026.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.293] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.293] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.293] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f7ed20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.294] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x112, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x112, lpOverlapped=0x0) returned 1 [0026.295] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.295] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x112, lpOverlapped=0x0) returned 1 [0026.295] CloseHandle (hObject=0x60) returned 1 [0026.295] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.296] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.adv")) returned 1 [0026.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.296] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f7ed20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.296] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.296] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="sl", cAlternateFileName="")) returned 1 [0026.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.296] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.297] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.297] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.297] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.297] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.297] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.297] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10c, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x10c, lpOverlapped=0x0) returned 1 [0026.298] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.298] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10c, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x10c, lpOverlapped=0x0) returned 1 [0026.298] CloseHandle (hObject=0x60) returned 1 [0026.299] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.299] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.adv")) returned 1 [0026.299] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.299] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.299] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.299] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.299] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.299] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.299] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="sr", cAlternateFileName="")) returned 1 [0026.299] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.299] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.300] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.300] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.300] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.300] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11f, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.300] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.301] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x11f, lpOverlapped=0x0) returned 1 [0026.302] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.302] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x11f, lpOverlapped=0x0) returned 1 [0026.302] CloseHandle (hObject=0x60) returned 1 [0026.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.302] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.adv")) returned 1 [0026.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.303] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11f, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.303] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.303] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="sv", cAlternateFileName="")) returned 1 [0026.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.303] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.303] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.303] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.304] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.304] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.304] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.304] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfd, lpOverlapped=0x0) returned 1 [0026.305] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.305] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfd, lpOverlapped=0x0) returned 1 [0026.305] CloseHandle (hObject=0x60) returned 1 [0026.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.306] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.adv")) returned 1 [0026.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.306] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.306] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.306] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="th", cAlternateFileName="")) returned 1 [0026.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.307] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.307] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.307] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x164, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.308] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x164, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x164, lpOverlapped=0x0) returned 1 [0026.309] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.309] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x164, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x164, lpOverlapped=0x0) returned 1 [0026.309] CloseHandle (hObject=0x60) returned 1 [0026.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.309] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.adv")) returned 1 [0026.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.310] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x164, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.310] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.310] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="tr", cAlternateFileName="")) returned 1 [0026.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.310] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.310] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.311] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.311] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10e, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x10e, lpOverlapped=0x0) returned 1 [0026.312] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.312] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10e, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x10e, lpOverlapped=0x0) returned 1 [0026.312] CloseHandle (hObject=0x60) returned 1 [0026.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.312] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.adv")) returned 1 [0026.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.313] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.313] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.313] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="uk", cAlternateFileName="")) returned 1 [0026.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.313] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.313] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.313] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.314] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.314] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x161, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x161, lpOverlapped=0x0) returned 1 [0026.315] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.315] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x161, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x161, lpOverlapped=0x0) returned 1 [0026.315] CloseHandle (hObject=0x60) returned 1 [0026.316] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.316] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.adv")) returned 1 [0026.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.317] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.317] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.317] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="vi", cAlternateFileName="")) returned 1 [0026.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.317] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.317] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.318] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x117, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x117, lpOverlapped=0x0) returned 1 [0026.318] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.318] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x117, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x117, lpOverlapped=0x0) returned 1 [0026.319] CloseHandle (hObject=0x60) returned 1 [0026.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.319] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.adv")) returned 1 [0026.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.320] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.320] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.320] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0026.320] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.320] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.320] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.320] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.321] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.321] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x111, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.321] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.322] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x111, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x111, lpOverlapped=0x0) returned 1 [0026.322] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.322] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x111, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x111, lpOverlapped=0x0) returned 1 [0026.323] CloseHandle (hObject=0x60) returned 1 [0026.323] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.323] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json.adv")) returned 1 [0026.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.324] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x111, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.324] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.324] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0026.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efbc8 [0026.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e88 [0026.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1028 [0026.324] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.324] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="..", cAlternateFileName="")) returned 1 [0026.324] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10b, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2158 [0026.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2280 [0026.325] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2158 | out: hHeap=0x6d0000) returned 1 [0026.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.325] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x10b, lpOverlapped=0x0) returned 1 [0026.326] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.326] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x10b, lpOverlapped=0x0) returned 1 [0026.326] CloseHandle (hObject=0x60) returned 1 [0026.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2438 [0026.326] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json.adv")) returned 1 [0026.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2438 | out: hHeap=0x6d0000) returned 1 [0026.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2280 | out: hHeap=0x6d0000) returned 1 [0026.327] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10b, dwReserved0=0x1d2dd9e, dwReserved1=0x86fef9d0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.327] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1028 | out: hHeap=0x6d0000) returned 1 [0026.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e88 | out: hHeap=0x6d0000) returned 1 [0026.327] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0026.327] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efce0 | out: hHeap=0x6d0000) returned 1 [0026.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa40 | out: hHeap=0x6d0000) returned 1 [0026.327] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0026.327] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.327] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6efa40 [0026.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.327] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efbc8 [0026.327] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.328] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="..", cAlternateFileName="")) returned 1 [0026.328] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0x2bd5, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0026.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0e20 [0026.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.329] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2bd5, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x2bd5, lpOverlapped=0x0) returned 1 [0026.331] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.331] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2bd5, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x2bd5, lpOverlapped=0x0) returned 1 [0026.331] CloseHandle (hObject=0x5c) returned 1 [0026.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fd8 [0026.332] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.adv")) returned 1 [0026.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fd8 | out: hHeap=0x6d0000) returned 1 [0026.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.332] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0x2bd5, dwReserved0=0x0, dwReserved1=0x7ab, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0026.332] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa40 | out: hHeap=0x6d0000) returned 1 [0026.332] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x916d8210, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0026.332] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0026.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0026.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0026.332] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="14.1_0", cAlternateFileName="")) returned 0 [0026.333] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0026.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4c0 | out: hHeap=0x6d0000) returned 1 [0026.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0026.333] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="blpcfgokakmgnkcojhhkbfbldkacnbeo", cAlternateFileName="BLPCFG~1")) returned 1 [0026.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0026.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec2b8 [0026.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0026.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ec4c0 [0026.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.333] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0026.333] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0026.333] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="4.2.8_0", cAlternateFileName="4278E1~1.8_0")) returned 1 [0026.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ed638 [0026.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ee8b0 [0026.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.333] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0026.336] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0026.336] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4e, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="128.png", cAlternateFileName="")) returned 1 [0026.336] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.336] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6efa40 [0026.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.337] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd4e, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xd4e, lpOverlapped=0x0) returned 1 [0026.338] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.339] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd4e, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xd4e, lpOverlapped=0x0) returned 1 [0026.339] CloseHandle (hObject=0x58) returned 1 [0026.339] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efbc8 [0026.339] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.adv")) returned 1 [0026.340] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.340] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa40 | out: hHeap=0x6d0000) returned 1 [0026.340] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d8, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0026.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6efa40 [0026.340] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.340] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d8, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x2d8, lpOverlapped=0x0) returned 1 [0026.342] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.342] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x2d8, lpOverlapped=0x0) returned 1 [0026.342] CloseHandle (hObject=0x58) returned 1 [0026.343] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efbc8 [0026.343] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.adv")) returned 1 [0026.343] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.343] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa40 | out: hHeap=0x6d0000) returned 1 [0026.343] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="_locales", cAlternateFileName="")) returned 1 [0026.343] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.343] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6efa40 [0026.343] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.343] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efbc8 [0026.343] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.345] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="..", cAlternateFileName="")) returned 1 [0026.345] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="ar", cAlternateFileName="")) returned 1 [0026.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.345] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.345] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.345] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.346] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.347] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.347] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.347] CloseHandle (hObject=0x60) returned 1 [0026.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.347] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.adv")) returned 1 [0026.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.348] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.348] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.348] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="bg", cAlternateFileName="")) returned 1 [0026.348] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.348] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.349] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.349] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.349] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.350] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.350] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.350] CloseHandle (hObject=0x60) returned 1 [0026.351] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.351] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.adv")) returned 1 [0026.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.352] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.352] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.352] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="ca", cAlternateFileName="")) returned 1 [0026.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.352] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.352] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.352] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.353] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.354] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.354] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.354] CloseHandle (hObject=0x60) returned 1 [0026.354] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.354] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.adv")) returned 1 [0026.354] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.354] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.354] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.354] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.355] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="cs", cAlternateFileName="")) returned 1 [0026.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.356] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.357] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.357] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.358] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.358] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.358] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.359] CloseHandle (hObject=0x60) returned 1 [0026.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.359] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.adv")) returned 1 [0026.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.359] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.359] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.360] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="da", cAlternateFileName="")) returned 1 [0026.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.360] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.360] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.360] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.360] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.361] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.361] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.361] CloseHandle (hObject=0x60) returned 1 [0026.361] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.361] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.adv")) returned 1 [0026.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.362] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.362] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.362] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="de", cAlternateFileName="")) returned 1 [0026.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.362] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.363] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.363] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.363] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.364] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.364] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.365] CloseHandle (hObject=0x60) returned 1 [0026.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.365] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.adv")) returned 1 [0026.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.365] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.365] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.365] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="el", cAlternateFileName="")) returned 1 [0026.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.366] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.366] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.366] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.366] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.367] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.368] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.368] CloseHandle (hObject=0x60) returned 1 [0026.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.368] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.adv")) returned 1 [0026.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.368] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.368] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.369] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="en", cAlternateFileName="")) returned 1 [0026.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.369] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.370] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.370] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.370] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.371] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.372] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.372] CloseHandle (hObject=0x60) returned 1 [0026.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.372] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.adv")) returned 1 [0026.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.372] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.372] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.373] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="es", cAlternateFileName="")) returned 1 [0026.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.373] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.373] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.373] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.373] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.374] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.374] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.374] CloseHandle (hObject=0x60) returned 1 [0026.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.374] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.adv")) returned 1 [0026.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.375] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.375] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.375] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="fi", cAlternateFileName="")) returned 1 [0026.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.375] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.376] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.376] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.376] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.377] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.377] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.377] CloseHandle (hObject=0x60) returned 1 [0026.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.378] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.adv")) returned 1 [0026.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.378] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.378] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.379] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="fil", cAlternateFileName="")) returned 1 [0026.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.379] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.379] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.379] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.379] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.380] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.380] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.380] CloseHandle (hObject=0x60) returned 1 [0026.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.380] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.adv")) returned 1 [0026.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.381] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.381] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.381] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="fr", cAlternateFileName="")) returned 1 [0026.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.381] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.382] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.382] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.383] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.383] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.383] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.384] CloseHandle (hObject=0x60) returned 1 [0026.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.384] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.adv")) returned 1 [0026.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.384] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.384] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.385] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="he", cAlternateFileName="")) returned 1 [0026.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.385] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.385] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.385] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.385] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.386] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.386] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.386] CloseHandle (hObject=0x60) returned 1 [0026.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.386] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.adv")) returned 1 [0026.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.387] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.387] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.387] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="hi", cAlternateFileName="")) returned 1 [0026.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.387] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.388] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.388] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.388] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.389] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.389] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.389] CloseHandle (hObject=0x60) returned 1 [0026.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.390] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.adv")) returned 1 [0026.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.390] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.390] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.390] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="hr", cAlternateFileName="")) returned 1 [0026.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.390] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.391] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.391] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.391] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.392] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.392] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.392] CloseHandle (hObject=0x60) returned 1 [0026.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.392] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.adv")) returned 1 [0026.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.395] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.395] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.395] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="hu", cAlternateFileName="")) returned 1 [0026.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.395] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.396] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.396] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.396] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.397] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.397] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.398] CloseHandle (hObject=0x60) returned 1 [0026.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.398] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.adv")) returned 1 [0026.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.399] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.399] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.399] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="id", cAlternateFileName="")) returned 1 [0026.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.399] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.399] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.399] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.399] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.400] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.400] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.400] CloseHandle (hObject=0x60) returned 1 [0026.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.401] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.adv")) returned 1 [0026.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.401] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.401] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.401] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="it", cAlternateFileName="")) returned 1 [0026.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.401] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.402] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.402] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.402] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.403] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.403] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.404] CloseHandle (hObject=0x60) returned 1 [0026.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.404] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.adv")) returned 1 [0026.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.404] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.404] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.405] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="ja", cAlternateFileName="")) returned 1 [0026.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.405] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.405] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.405] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.405] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.406] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.406] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.406] CloseHandle (hObject=0x60) returned 1 [0026.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.406] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.adv")) returned 1 [0026.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.407] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.407] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.407] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="ko", cAlternateFileName="")) returned 1 [0026.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.407] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.408] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.408] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.408] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.409] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.409] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.409] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.410] CloseHandle (hObject=0x60) returned 1 [0026.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.410] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.adv")) returned 1 [0026.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.410] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.410] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.411] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.411] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="lt", cAlternateFileName="")) returned 1 [0026.411] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.411] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.411] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.411] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.411] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.411] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.411] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.411] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.411] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.412] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.412] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.412] CloseHandle (hObject=0x60) returned 1 [0026.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.412] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.adv")) returned 1 [0026.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.413] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.413] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.413] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="lv", cAlternateFileName="")) returned 1 [0026.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.413] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.414] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.414] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.415] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.415] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.416] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.416] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.416] CloseHandle (hObject=0x60) returned 1 [0026.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.416] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.adv")) returned 1 [0026.417] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.417] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.417] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.417] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.417] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.417] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.417] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="nl", cAlternateFileName="")) returned 1 [0026.417] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.417] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.417] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.417] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.417] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.417] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.417] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.417] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.417] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.418] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.418] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.419] CloseHandle (hObject=0x60) returned 1 [0026.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.419] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.adv")) returned 1 [0026.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.419] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.419] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.420] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.420] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.420] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="no", cAlternateFileName="")) returned 1 [0026.420] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.420] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.420] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.420] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.421] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c12fb00, ftLastWriteTime.dwHighDateTime=0x1d0f3ee, nFileSizeHigh=0x0, nFileSizeLow=0x9f, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.421] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.421] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.421] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.421] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x9f, lpOverlapped=0x0) returned 1 [0026.422] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.422] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x9f, lpOverlapped=0x0) returned 1 [0026.422] CloseHandle (hObject=0x60) returned 1 [0026.423] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.423] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.adv")) returned 1 [0026.423] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.423] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.424] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c12fb00, ftLastWriteTime.dwHighDateTime=0x1d0f3ee, nFileSizeHigh=0x0, nFileSizeLow=0x9f, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.424] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.424] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="pl", cAlternateFileName="")) returned 1 [0026.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.424] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.424] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.424] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.424] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.425] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.425] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.425] CloseHandle (hObject=0x60) returned 1 [0026.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.426] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.adv")) returned 1 [0026.426] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.426] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.426] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0026.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0f48 [0026.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.426] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.427] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.427] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.427] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.427] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2108 [0026.427] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.428] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.428] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.429] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.429] CloseHandle (hObject=0x60) returned 1 [0026.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f22c0 [0026.429] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json.adv")) returned 1 [0026.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22c0 | out: hHeap=0x6d0000) returned 1 [0026.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2108 | out: hHeap=0x6d0000) returned 1 [0026.430] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.430] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f48 | out: hHeap=0x6d0000) returned 1 [0026.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.430] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0026.430] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.430] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.430] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0f48 [0026.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.430] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.430] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.430] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.430] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.430] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2108 [0026.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.430] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.431] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.431] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.431] CloseHandle (hObject=0x60) returned 1 [0026.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f22c0 [0026.432] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json.adv")) returned 1 [0026.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22c0 | out: hHeap=0x6d0000) returned 1 [0026.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2108 | out: hHeap=0x6d0000) returned 1 [0026.432] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.432] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f48 | out: hHeap=0x6d0000) returned 1 [0026.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.432] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="ro", cAlternateFileName="")) returned 1 [0026.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.433] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.433] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.433] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.433] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.433] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.433] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.434] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.435] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.435] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.435] CloseHandle (hObject=0x60) returned 1 [0026.435] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.adv")) returned 1 [0026.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.436] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.436] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.436] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="ru", cAlternateFileName="")) returned 1 [0026.436] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.436] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.436] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.436] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.437] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.437] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.437] CloseHandle (hObject=0x60) returned 1 [0026.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.438] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.adv")) returned 1 [0026.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.438] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.438] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.438] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="sk", cAlternateFileName="")) returned 1 [0026.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.438] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.439] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.439] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.440] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.441] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.441] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.441] CloseHandle (hObject=0x60) returned 1 [0026.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.441] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.adv")) returned 1 [0026.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.442] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.442] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.442] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="sl", cAlternateFileName="")) returned 1 [0026.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.442] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.442] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.442] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.442] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.443] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.443] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.443] CloseHandle (hObject=0x60) returned 1 [0026.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.444] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.adv")) returned 1 [0026.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.444] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.444] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.444] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="sr", cAlternateFileName="")) returned 1 [0026.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.445] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.446] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.446] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.446] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.447] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.447] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.447] CloseHandle (hObject=0x60) returned 1 [0026.447] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.448] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.adv")) returned 1 [0026.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.448] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.448] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.448] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="sv", cAlternateFileName="")) returned 1 [0026.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.448] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.449] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.449] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.449] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.449] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.449] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.449] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.450] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.450] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.450] CloseHandle (hObject=0x60) returned 1 [0026.450] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.450] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.adv")) returned 1 [0026.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.451] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.451] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.451] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="th", cAlternateFileName="")) returned 1 [0026.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.451] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.452] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.452] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.452] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.452] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.452] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.453] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.453] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.453] CloseHandle (hObject=0x60) returned 1 [0026.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.454] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.adv")) returned 1 [0026.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.454] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.454] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.454] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="tr", cAlternateFileName="")) returned 1 [0026.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.454] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.455] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.455] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.455] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.455] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.455] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.456] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.456] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.456] CloseHandle (hObject=0x60) returned 1 [0026.456] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.456] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.adv")) returned 1 [0026.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.457] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.457] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.457] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="uk", cAlternateFileName="")) returned 1 [0026.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.457] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.458] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.458] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.458] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.458] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.458] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.458] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.459] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.459] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.459] CloseHandle (hObject=0x60) returned 1 [0026.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.460] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.adv")) returned 1 [0026.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.460] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.460] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.461] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="vi", cAlternateFileName="")) returned 1 [0026.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.461] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.461] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.461] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f50 [0026.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2078 [0026.461] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0026.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.461] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.462] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.462] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.462] CloseHandle (hObject=0x60) returned 1 [0026.462] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f2230 [0026.462] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.adv")) returned 1 [0026.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6d0000) returned 1 [0026.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2078 | out: hHeap=0x6d0000) returned 1 [0026.463] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.463] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.463] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0026.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0f48 [0026.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.463] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.473] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.473] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2108 [0026.473] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.473] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.474] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.474] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.474] CloseHandle (hObject=0x60) returned 1 [0026.474] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f22c0 [0026.474] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json.adv")) returned 1 [0026.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22c0 | out: hHeap=0x6d0000) returned 1 [0026.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2108 | out: hHeap=0x6d0000) returned 1 [0026.475] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.475] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f48 | out: hHeap=0x6d0000) returned 1 [0026.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.475] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0026.475] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.475] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.475] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0f48 [0026.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.475] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.476] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="..", cAlternateFileName="")) returned 1 [0026.476] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0e20 [0026.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2108 [0026.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.476] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.477] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.477] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.477] CloseHandle (hObject=0x60) returned 1 [0026.478] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f22c0 [0026.478] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json.adv")) returned 1 [0026.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22c0 | out: hHeap=0x6d0000) returned 1 [0026.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2108 | out: hHeap=0x6d0000) returned 1 [0026.478] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85348a70, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.478] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f48 | out: hHeap=0x6d0000) returned 1 [0026.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.478] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0026.478] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa40 | out: hHeap=0x6d0000) returned 1 [0026.478] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0026.478] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6efa40 [0026.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efbc8 [0026.479] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.479] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="..", cAlternateFileName="")) returned 1 [0026.479] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x628aed00, ftLastWriteTime.dwHighDateTime=0x1d0f5b2, nFileSizeHigh=0x0, nFileSizeLow=0x2769, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0026.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0cf8 [0026.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0e20 [0026.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cf8 | out: hHeap=0x6d0000) returned 1 [0026.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.479] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2769, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x2769, lpOverlapped=0x0) returned 1 [0026.481] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.482] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2769, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x2769, lpOverlapped=0x0) returned 1 [0026.482] CloseHandle (hObject=0x5c) returned 1 [0026.483] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fd8 [0026.483] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.adv")) returned 1 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fd8 | out: hHeap=0x6d0000) returned 1 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e20 | out: hHeap=0x6d0000) returned 1 [0026.484] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x628aed00, ftLastWriteTime.dwHighDateTime=0x1d0f5b2, nFileSizeHigh=0x0, nFileSizeLow=0x2769, dwReserved0=0x0, dwReserved1=0x7aa, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0026.484] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbc8 | out: hHeap=0x6d0000) returned 1 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa40 | out: hHeap=0x6d0000) returned 1 [0026.484] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0026.484] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0026.484] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="4.2.8_0", cAlternateFileName="4278E1~1.8_0")) returned 0 [0026.484] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4c0 | out: hHeap=0x6d0000) returned 1 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0026.484] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="felcaaldnbdncclmgdcncolpebgiejap", cAlternateFileName="FELCAA~1")) returned 1 [0026.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0026.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec2b8 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0026.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ec4c0 [0026.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.484] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0026.485] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0026.485] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="1.1_0", cAlternateFileName="")) returned 1 [0026.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ed638 [0026.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.485] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0026.488] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName="..", cAlternateFileName="")) returned 1 [0026.488] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84234950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd47, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0026.488] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.488] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.488] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.488] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd47, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xd47, lpOverlapped=0x0) returned 1 [0026.490] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.490] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd47, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xd47, lpOverlapped=0x0) returned 1 [0026.490] CloseHandle (hObject=0x58) returned 1 [0026.491] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0026.491] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.adv")) returned 1 [0026.492] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.492] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.492] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84239770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9d, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0026.492] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.492] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.492] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.493] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9d, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x9d, lpOverlapped=0x0) returned 1 [0026.494] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.494] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9d, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x9d, lpOverlapped=0x0) returned 1 [0026.494] CloseHandle (hObject=0x58) returned 1 [0026.495] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0026.495] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.adv")) returned 1 [0026.495] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.495] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.495] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8423be80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8423e590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0026.495] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.495] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.495] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.496] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5c, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x5c, lpOverlapped=0x0) returned 1 [0026.497] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.497] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x5c, lpOverlapped=0x0) returned 1 [0026.497] CloseHandle (hObject=0x58) returned 1 [0026.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0026.497] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.adv")) returned 1 [0026.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.497] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84240ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84240ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName="main.js", cAlternateFileName="")) returned 1 [0026.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.498] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5f, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x5f, lpOverlapped=0x0) returned 1 [0026.499] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.499] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x5f, lpOverlapped=0x0) returned 1 [0026.499] CloseHandle (hObject=0x58) returned 1 [0026.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0026.500] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.adv")) returned 1 [0026.500] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.500] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.500] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x840205b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84245ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844aa770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d6, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0026.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.500] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.500] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d6, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x2d6, lpOverlapped=0x0) returned 1 [0026.502] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.502] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d6, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x2d6, lpOverlapped=0x0) returned 1 [0026.502] CloseHandle (hObject=0x58) returned 1 [0026.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0026.503] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.adv")) returned 1 [0026.503] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.503] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.503] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName="_locales", cAlternateFileName="")) returned 1 [0026.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.503] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0026.503] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.503] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.505] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="..", cAlternateFileName="")) returned 1 [0026.505] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ar", cAlternateFileName="")) returned 1 [0026.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.505] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.506] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.506] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8403b360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.506] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.506] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.506] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.507] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.508] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.508] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.508] CloseHandle (hObject=0x60) returned 1 [0026.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.509] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.adv")) returned 1 [0026.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.509] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8403b360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.509] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.509] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="bg", cAlternateFileName="")) returned 1 [0026.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.510] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.510] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84056110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84058820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.510] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.510] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x12f, lpOverlapped=0x0) returned 1 [0026.511] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.511] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x12f, lpOverlapped=0x0) returned 1 [0026.511] CloseHandle (hObject=0x60) returned 1 [0026.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.512] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.adv")) returned 1 [0026.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.512] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84056110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84058820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.512] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.512] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ca", cAlternateFileName="")) returned 1 [0026.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.513] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.513] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.513] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84067280, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.516] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe5, lpOverlapped=0x0) returned 1 [0026.517] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.517] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe5, lpOverlapped=0x0) returned 1 [0026.517] CloseHandle (hObject=0x60) returned 1 [0026.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.518] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.adv")) returned 1 [0026.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.518] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84067280, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.518] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.518] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="cs", cAlternateFileName="")) returned 1 [0026.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.518] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.519] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.519] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8407f920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84082030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.519] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xda, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xda, lpOverlapped=0x0) returned 1 [0026.520] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.520] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xda, lpOverlapped=0x0) returned 1 [0026.520] CloseHandle (hObject=0x60) returned 1 [0026.521] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.521] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.adv")) returned 1 [0026.521] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.521] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.521] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8407f920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84082030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.522] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.522] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="da", cAlternateFileName="")) returned 1 [0026.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.522] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.522] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84090a90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.523] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xcf, lpOverlapped=0x0) returned 1 [0026.524] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.524] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xcf, lpOverlapped=0x0) returned 1 [0026.524] CloseHandle (hObject=0x60) returned 1 [0026.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.525] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.adv")) returned 1 [0026.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.525] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84090a90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.525] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.526] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="de", cAlternateFileName="")) returned 1 [0026.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.526] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.526] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8409cde0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.526] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdc, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdc, lpOverlapped=0x0) returned 1 [0026.527] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.527] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdc, lpOverlapped=0x0) returned 1 [0026.527] CloseHandle (hObject=0x60) returned 1 [0026.528] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.528] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.adv")) returned 1 [0026.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.529] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8409cde0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.529] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.529] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="el", cAlternateFileName="")) returned 1 [0026.529] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.529] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.529] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.529] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.529] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84116f00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.529] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.529] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.530] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x130, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x130, lpOverlapped=0x0) returned 1 [0026.531] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.531] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x130, lpOverlapped=0x0) returned 1 [0026.531] CloseHandle (hObject=0x60) returned 1 [0026.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.532] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.adv")) returned 1 [0026.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.532] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84116f00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.533] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.533] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="en_GB", cAlternateFileName="")) returned 1 [0026.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.533] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.533] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84120b40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.533] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.534] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.534] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.534] CloseHandle (hObject=0x60) returned 1 [0026.535] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.535] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json.adv")) returned 1 [0026.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.536] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84120b40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.536] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.536] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="en_US", cAlternateFileName="")) returned 1 [0026.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.536] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.536] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8412ce90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.537] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.539] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.539] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.539] CloseHandle (hObject=0x60) returned 1 [0026.539] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.539] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json.adv")) returned 1 [0026.539] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.539] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.540] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8412ce90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.540] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.540] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="es", cAlternateFileName="")) returned 1 [0026.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.540] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.540] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841343c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.540] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe5, lpOverlapped=0x0) returned 1 [0026.541] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.541] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe5, lpOverlapped=0x0) returned 1 [0026.541] CloseHandle (hObject=0x60) returned 1 [0026.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.542] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.adv")) returned 1 [0026.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.543] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841343c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.543] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.543] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="es_419", cAlternateFileName="")) returned 1 [0026.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.543] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.543] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8413b8f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.544] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe5, lpOverlapped=0x0) returned 1 [0026.545] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.545] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe5, lpOverlapped=0x0) returned 1 [0026.545] CloseHandle (hObject=0x60) returned 1 [0026.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.545] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.adv")) returned 1 [0026.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.548] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8413b8f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.548] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.548] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="et", cAlternateFileName="")) returned 1 [0026.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.548] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.549] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.549] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84142e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.549] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0026.550] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.550] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0026.550] CloseHandle (hObject=0x60) returned 1 [0026.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.551] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.adv")) returned 1 [0026.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.551] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84142e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.551] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.551] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="fi", cAlternateFileName="")) returned 1 [0026.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.552] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.552] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.552] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8414a350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414f170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.553] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdc, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdc, lpOverlapped=0x0) returned 1 [0026.554] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.554] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdc, lpOverlapped=0x0) returned 1 [0026.554] CloseHandle (hObject=0x60) returned 1 [0026.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.555] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.adv")) returned 1 [0026.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.555] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8414a350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414f170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.555] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.556] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="fil", cAlternateFileName="")) returned 1 [0026.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.556] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.556] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.556] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841566a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.556] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdf, lpOverlapped=0x0) returned 1 [0026.557] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.557] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdf, lpOverlapped=0x0) returned 1 [0026.557] CloseHandle (hObject=0x60) returned 1 [0026.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.558] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.adv")) returned 1 [0026.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.559] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841566a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.559] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.559] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="fr", cAlternateFileName="")) returned 1 [0026.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.559] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.559] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.559] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8415dbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.560] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0026.561] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.561] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0026.561] CloseHandle (hObject=0x60) returned 1 [0026.562] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.562] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.adv")) returned 1 [0026.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.563] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8415dbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.563] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.563] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="he", cAlternateFileName="")) returned 1 [0026.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.564] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.564] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.564] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84165100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.564] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xee, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xee, lpOverlapped=0x0) returned 1 [0026.565] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.565] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xee, lpOverlapped=0x0) returned 1 [0026.565] CloseHandle (hObject=0x60) returned 1 [0026.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.566] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.adv")) returned 1 [0026.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.567] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84165100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.567] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.567] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="hi", cAlternateFileName="")) returned 1 [0026.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.567] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.567] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.567] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8416c630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.568] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x11a, lpOverlapped=0x0) returned 1 [0026.569] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.569] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x11a, lpOverlapped=0x0) returned 1 [0026.569] CloseHandle (hObject=0x60) returned 1 [0026.570] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.570] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.adv")) returned 1 [0026.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8416c630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.571] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.571] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="hu", cAlternateFileName="")) returned 1 [0026.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.571] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84173b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.572] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xeb, lpOverlapped=0x0) returned 1 [0026.573] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.573] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xeb, lpOverlapped=0x0) returned 1 [0026.573] CloseHandle (hObject=0x60) returned 1 [0026.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.574] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.adv")) returned 1 [0026.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.575] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84173b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.575] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.575] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="id", cAlternateFileName="")) returned 1 [0026.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.575] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.575] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.575] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8417b090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.576] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0026.577] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.577] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0026.577] CloseHandle (hObject=0x60) returned 1 [0026.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.578] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.adv")) returned 1 [0026.578] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.578] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.578] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8417b090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.578] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.578] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.579] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="it", cAlternateFileName="")) returned 1 [0026.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.579] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.579] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.579] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841825c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.579] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0026.580] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.580] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0026.580] CloseHandle (hObject=0x60) returned 1 [0026.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.581] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.adv")) returned 1 [0026.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.582] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841825c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.582] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.582] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ja", cAlternateFileName="")) returned 1 [0026.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.582] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.582] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.582] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84189af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.583] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf5, lpOverlapped=0x0) returned 1 [0026.584] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.584] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf5, lpOverlapped=0x0) returned 1 [0026.584] CloseHandle (hObject=0x60) returned 1 [0026.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.585] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.adv")) returned 1 [0026.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.586] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84189af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.586] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.586] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.586] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.586] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ko", cAlternateFileName="")) returned 1 [0026.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.586] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.586] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.586] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.586] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84191020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.586] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.587] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0026.588] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.588] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe0, lpOverlapped=0x0) returned 1 [0026.588] CloseHandle (hObject=0x60) returned 1 [0026.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.589] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.adv")) returned 1 [0026.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.589] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84191020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.589] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.590] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="lt", cAlternateFileName="")) returned 1 [0026.590] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.590] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.590] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.590] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.590] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.590] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84198550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8419d370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.590] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.590] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.591] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xeb, lpOverlapped=0x0) returned 1 [0026.593] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.593] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xeb, lpOverlapped=0x0) returned 1 [0026.593] CloseHandle (hObject=0x60) returned 1 [0026.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.594] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.adv")) returned 1 [0026.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.595] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84198550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8419d370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.595] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.595] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="lv", cAlternateFileName="")) returned 1 [0026.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.595] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.595] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.595] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a2190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a48a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.596] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe5, lpOverlapped=0x0) returned 1 [0026.597] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.597] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe5, lpOverlapped=0x0) returned 1 [0026.597] CloseHandle (hObject=0x60) returned 1 [0026.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.597] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.adv")) returned 1 [0026.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.598] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a2190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a48a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.598] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.598] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ms", cAlternateFileName="")) returned 1 [0026.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.598] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.598] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.598] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a96c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.599] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd0, lpOverlapped=0x0) returned 1 [0026.600] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.600] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd0, lpOverlapped=0x0) returned 1 [0026.601] CloseHandle (hObject=0x60) returned 1 [0026.601] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.601] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.adv")) returned 1 [0026.601] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.601] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.601] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a96c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.601] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.601] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.602] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="nl", cAlternateFileName="")) returned 1 [0026.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.602] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.602] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.602] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b0bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.602] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0026.603] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.603] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0026.603] CloseHandle (hObject=0x60) returned 1 [0026.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.604] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.adv")) returned 1 [0026.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.604] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b0bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.604] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.604] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="no", cAlternateFileName="")) returned 1 [0026.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.604] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.605] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.605] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b8120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xbf, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.605] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.606] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xbf, lpOverlapped=0x0) returned 1 [0026.606] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.607] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xbf, lpOverlapped=0x0) returned 1 [0026.607] CloseHandle (hObject=0x60) returned 1 [0026.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.607] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.adv")) returned 1 [0026.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.607] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b8120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xbf, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.607] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.607] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="pl", cAlternateFileName="")) returned 1 [0026.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.608] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.608] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.608] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841bf650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.608] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd1, lpOverlapped=0x0) returned 1 [0026.609] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.609] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd1, lpOverlapped=0x0) returned 1 [0026.609] CloseHandle (hObject=0x60) returned 1 [0026.609] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.adv")) returned 1 [0026.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.610] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841bf650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.610] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.610] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0026.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.610] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.610] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.610] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841c9290, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.611] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.612] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.612] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.613] CloseHandle (hObject=0x60) returned 1 [0026.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.613] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json.adv")) returned 1 [0026.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.613] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841c9290, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.613] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.613] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0026.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.613] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.614] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.614] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d07c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.614] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe6, lpOverlapped=0x0) returned 1 [0026.615] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.615] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe6, lpOverlapped=0x0) returned 1 [0026.615] CloseHandle (hObject=0x60) returned 1 [0026.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.615] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json.adv")) returned 1 [0026.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.616] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d07c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.616] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.616] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ro", cAlternateFileName="")) returned 1 [0026.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.616] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.616] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.616] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d7cf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.617] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0026.618] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.618] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0026.618] CloseHandle (hObject=0x60) returned 1 [0026.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.618] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.adv")) returned 1 [0026.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.619] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d7cf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.619] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.619] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ru", cAlternateFileName="")) returned 1 [0026.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.619] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.619] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.620] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841df220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.620] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.621] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.621] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.621] CloseHandle (hObject=0x60) returned 1 [0026.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.621] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.adv")) returned 1 [0026.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.622] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841df220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.622] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.622] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sk", cAlternateFileName="")) returned 1 [0026.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.622] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.622] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.622] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f0390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.623] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdb, lpOverlapped=0x0) returned 1 [0026.624] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.624] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdb, lpOverlapped=0x0) returned 1 [0026.624] CloseHandle (hObject=0x60) returned 1 [0026.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.624] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.adv")) returned 1 [0026.625] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.625] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.625] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f0390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.625] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.625] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.625] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.625] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sl", cAlternateFileName="")) returned 1 [0026.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.625] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.625] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.625] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.625] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f78c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.625] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.626] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0026.627] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.627] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0026.627] CloseHandle (hObject=0x60) returned 1 [0026.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.627] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.adv")) returned 1 [0026.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.627] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f78c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.627] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.627] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sr", cAlternateFileName="")) returned 1 [0026.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.628] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.628] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.628] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841fedf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.628] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.628] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.628] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.629] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xec, lpOverlapped=0x0) returned 1 [0026.630] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.630] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xec, lpOverlapped=0x0) returned 1 [0026.630] CloseHandle (hObject=0x60) returned 1 [0026.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.630] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.adv")) returned 1 [0026.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.630] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841fedf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.630] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.630] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sv", cAlternateFileName="")) returned 1 [0026.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.631] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.631] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.631] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.631] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84206320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.631] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.631] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0026.632] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.632] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd8, lpOverlapped=0x0) returned 1 [0026.633] CloseHandle (hObject=0x60) returned 1 [0026.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.633] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.adv")) returned 1 [0026.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.633] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84206320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.633] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.633] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="th", cAlternateFileName="")) returned 1 [0026.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.633] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.634] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.634] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8420d850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.635] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x10a, lpOverlapped=0x0) returned 1 [0026.635] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.636] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x10a, lpOverlapped=0x0) returned 1 [0026.636] CloseHandle (hObject=0x60) returned 1 [0026.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.636] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.adv")) returned 1 [0026.636] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.636] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.636] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8420d850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.636] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.636] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.636] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.636] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="tr", cAlternateFileName="")) returned 1 [0026.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.637] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.637] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.637] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.637] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84214d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.637] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.637] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.637] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe1, lpOverlapped=0x0) returned 1 [0026.638] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.638] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe1, lpOverlapped=0x0) returned 1 [0026.638] CloseHandle (hObject=0x60) returned 1 [0026.638] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.638] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.adv")) returned 1 [0026.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.639] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84214d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.639] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.639] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="uk", cAlternateFileName="")) returned 1 [0026.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.639] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.639] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.639] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8421c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.640] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.641] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.641] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0026.641] CloseHandle (hObject=0x60) returned 1 [0026.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.641] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.adv")) returned 1 [0026.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.642] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8421c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.642] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.642] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="vi", cAlternateFileName="")) returned 1 [0026.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.642] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.643] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.643] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x842237e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.643] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.643] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe3, lpOverlapped=0x0) returned 1 [0026.644] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.644] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe3, lpOverlapped=0x0) returned 1 [0026.644] CloseHandle (hObject=0x60) returned 1 [0026.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.644] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.adv")) returned 1 [0026.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.645] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x842237e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.645] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.645] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0026.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.645] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.645] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.645] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8422ad10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.646] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd4, lpOverlapped=0x0) returned 1 [0026.647] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.647] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd4, lpOverlapped=0x0) returned 1 [0026.647] CloseHandle (hObject=0x60) returned 1 [0026.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.647] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json.adv")) returned 1 [0026.647] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.647] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.647] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8422ad10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.647] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.648] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0026.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.648] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.648] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="..", cAlternateFileName="")) returned 1 [0026.648] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84232240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.648] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd4, lpOverlapped=0x0) returned 1 [0026.649] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.649] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd4, lpOverlapped=0x0) returned 1 [0026.649] CloseHandle (hObject=0x60) returned 1 [0026.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.649] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json.adv")) returned 1 [0026.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.650] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84232240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x1d2dd9e, dwReserved1=0x8422fb30, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.650] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.650] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0026.650] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0026.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.650] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0026.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0026.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.650] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.651] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="..", cAlternateFileName="")) returned 1 [0026.651] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x844eed30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0026.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.651] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.651] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x160, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x160, lpOverlapped=0x0) returned 1 [0026.652] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.652] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x160, lpOverlapped=0x0) returned 1 [0026.652] CloseHandle (hObject=0x5c) returned 1 [0026.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fa8 [0026.652] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.adv")) returned 1 [0026.653] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.653] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.653] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8424a8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8424a8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0026.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.653] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.654] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b56, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x2b56, lpOverlapped=0x0) returned 1 [0026.656] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.656] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b56, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x2b56, lpOverlapped=0x0) returned 1 [0026.656] CloseHandle (hObject=0x5c) returned 1 [0026.656] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fa8 [0026.656] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.adv")) returned 1 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.657] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8424a8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8424a8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0026.657] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.657] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x844c0700, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0026.657] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0026.657] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="1.1_0", cAlternateFileName="")) returned 0 [0026.657] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4c0 | out: hHeap=0x6d0000) returned 1 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0026.657] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 1 [0026.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0026.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec2b8 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0026.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ec4c0 [0026.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.657] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0026.658] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0026.658] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="1.4_0", cAlternateFileName="")) returned 1 [0026.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ed638 [0026.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0026.658] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0026.660] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="..", cAlternateFileName="")) returned 1 [0026.660] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1378, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="128.png", cAlternateFileName="")) returned 1 [0026.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.661] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1378, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x1378, lpOverlapped=0x0) returned 1 [0026.662] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.662] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1378, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x1378, lpOverlapped=0x0) returned 1 [0026.662] CloseHandle (hObject=0x58) returned 1 [0026.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0026.663] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.adv")) returned 1 [0026.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.663] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1103, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="contentscript_bin_prod.js", cAlternateFileName="CONTEN~1.JS")) returned 1 [0026.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.665] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1103, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x1103, lpOverlapped=0x0) returned 1 [0026.666] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.666] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1103, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x1103, lpOverlapped=0x0) returned 1 [0026.666] CloseHandle (hObject=0x58) returned 1 [0026.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efb48 [0026.666] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.adv")) returned 1 [0026.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.667] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x356, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="dasherSettingSchema.json", cAlternateFileName="DASHER~1.JSO")) returned 1 [0026.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.667] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x356, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x356, lpOverlapped=0x0) returned 1 [0026.669] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.669] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x356, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x356, lpOverlapped=0x0) returned 1 [0026.669] CloseHandle (hObject=0x58) returned 1 [0026.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efb48 [0026.669] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json.adv")) returned 1 [0026.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.670] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x5b6c, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="eventpage_bin_prod.js", cAlternateFileName="EVENTP~1.JS")) returned 1 [0026.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.670] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5b6c, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x5b6c, lpOverlapped=0x0) returned 1 [0026.672] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.672] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5b6c, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x5b6c, lpOverlapped=0x0) returned 1 [0026.672] CloseHandle (hObject=0x58) returned 1 [0026.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efb48 [0026.673] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.adv")) returned 1 [0026.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.673] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0026.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.673] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5b1, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x5b1, lpOverlapped=0x0) returned 1 [0026.675] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.675] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x5b1, lpOverlapped=0x0) returned 1 [0026.675] CloseHandle (hObject=0x58) returned 1 [0026.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0026.676] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.adv")) returned 1 [0026.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.676] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="page_embed_script.js", cAlternateFileName="PAGE_E~1.JS")) returned 1 [0026.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.676] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xe0, lpOverlapped=0x0) returned 1 [0026.677] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.677] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xe0, lpOverlapped=0x0) returned 1 [0026.677] CloseHandle (hObject=0x58) returned 1 [0026.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efb48 [0026.678] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.adv")) returned 1 [0026.678] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.678] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.678] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="_locales", cAlternateFileName="")) returned 1 [0026.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.678] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0026.678] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.678] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.680] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="..", cAlternateFileName="")) returned 1 [0026.681] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="af", cAlternateFileName="")) returned 1 [0026.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.681] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.682] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.682] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x84, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.682] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.683] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x84, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x84, lpOverlapped=0x0) returned 1 [0026.683] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.684] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x84, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x84, lpOverlapped=0x0) returned 1 [0026.684] CloseHandle (hObject=0x60) returned 1 [0026.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.684] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.adv")) returned 1 [0026.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.684] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x84, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.684] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.684] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="am", cAlternateFileName="")) returned 1 [0026.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.685] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.685] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.685] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.685] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x103, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x103, lpOverlapped=0x0) returned 1 [0026.686] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.686] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x103, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x103, lpOverlapped=0x0) returned 1 [0026.686] CloseHandle (hObject=0x60) returned 1 [0026.686] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.686] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.adv")) returned 1 [0026.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.689] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.689] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.689] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ar", cAlternateFileName="")) returned 1 [0026.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.689] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.690] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.690] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.690] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.691] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xed, lpOverlapped=0x0) returned 1 [0026.692] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.692] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xed, lpOverlapped=0x0) returned 1 [0026.692] CloseHandle (hObject=0x60) returned 1 [0026.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.692] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.adv")) returned 1 [0026.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.692] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.693] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.693] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="az", cAlternateFileName="")) returned 1 [0026.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.693] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.693] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.693] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.693] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xa7, lpOverlapped=0x0) returned 1 [0026.694] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.694] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xa7, lpOverlapped=0x0) returned 1 [0026.695] CloseHandle (hObject=0x60) returned 1 [0026.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.695] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.adv")) returned 1 [0026.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.695] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.695] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.695] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="bg", cAlternateFileName="")) returned 1 [0026.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.695] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.696] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.696] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.697] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x114, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x114, lpOverlapped=0x0) returned 1 [0026.698] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.698] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x114, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x114, lpOverlapped=0x0) returned 1 [0026.698] CloseHandle (hObject=0x60) returned 1 [0026.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.698] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.adv")) returned 1 [0026.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.698] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.698] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.698] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="bn", cAlternateFileName="")) returned 1 [0026.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.699] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.699] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.699] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14b, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.699] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x14b, lpOverlapped=0x0) returned 1 [0026.700] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.700] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x14b, lpOverlapped=0x0) returned 1 [0026.700] CloseHandle (hObject=0x60) returned 1 [0026.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.700] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.adv")) returned 1 [0026.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.701] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14b, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.701] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.701] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ca", cAlternateFileName="")) returned 1 [0026.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.702] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.702] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.702] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.702] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xcf, lpOverlapped=0x0) returned 1 [0026.703] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.703] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xcf, lpOverlapped=0x0) returned 1 [0026.703] CloseHandle (hObject=0x60) returned 1 [0026.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.704] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.adv")) returned 1 [0026.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.704] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.704] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.704] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="cs", cAlternateFileName="")) returned 1 [0026.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.704] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.705] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.705] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xad, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.705] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xad, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xad, lpOverlapped=0x0) returned 1 [0026.706] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.706] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xad, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xad, lpOverlapped=0x0) returned 1 [0026.706] CloseHandle (hObject=0x60) returned 1 [0026.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.706] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.adv")) returned 1 [0026.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.707] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xad, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.707] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.707] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="da", cAlternateFileName="")) returned 1 [0026.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.707] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.708] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.708] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.708] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xac, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xac, lpOverlapped=0x0) returned 1 [0026.709] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.709] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xac, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xac, lpOverlapped=0x0) returned 1 [0026.709] CloseHandle (hObject=0x60) returned 1 [0026.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.709] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.adv")) returned 1 [0026.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.710] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.710] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.710] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="de", cAlternateFileName="")) returned 1 [0026.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.711] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.711] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc1, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.711] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc1, lpOverlapped=0x0) returned 1 [0026.712] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.712] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc1, lpOverlapped=0x0) returned 1 [0026.712] CloseHandle (hObject=0x60) returned 1 [0026.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.712] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.adv")) returned 1 [0026.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.713] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc1, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.713] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.713] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="el", cAlternateFileName="")) returned 1 [0026.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.713] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.714] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.714] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.714] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x12a, lpOverlapped=0x0) returned 1 [0026.716] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.716] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x12a, lpOverlapped=0x0) returned 1 [0026.716] CloseHandle (hObject=0x60) returned 1 [0026.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.716] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.adv")) returned 1 [0026.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.717] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.717] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.717] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="en_GB", cAlternateFileName="")) returned 1 [0026.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.717] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.717] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.718] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb2, lpOverlapped=0x0) returned 1 [0026.719] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.719] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb2, lpOverlapped=0x0) returned 1 [0026.719] CloseHandle (hObject=0x60) returned 1 [0026.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.719] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json.adv")) returned 1 [0026.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.719] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.719] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.720] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="en_US", cAlternateFileName="")) returned 1 [0026.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.720] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.720] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.721] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.721] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.721] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x109, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x109, lpOverlapped=0x0) returned 1 [0026.722] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.722] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x109, lpOverlapped=0x0) returned 1 [0026.722] CloseHandle (hObject=0x60) returned 1 [0026.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.722] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json.adv")) returned 1 [0026.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.723] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.723] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.723] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.723] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.723] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.723] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="es", cAlternateFileName="")) returned 1 [0026.723] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.723] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.723] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.723] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.723] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.723] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.723] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcc, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.723] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.723] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.723] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.723] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcc, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xcc, lpOverlapped=0x0) returned 1 [0026.724] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.724] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcc, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xcc, lpOverlapped=0x0) returned 1 [0026.724] CloseHandle (hObject=0x60) returned 1 [0026.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.725] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.adv")) returned 1 [0026.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.725] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcc, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.725] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.725] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="es_419", cAlternateFileName="")) returned 1 [0026.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.726] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.726] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.727] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.727] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe3, lpOverlapped=0x0) returned 1 [0026.728] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.728] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe3, lpOverlapped=0x0) returned 1 [0026.728] CloseHandle (hObject=0x60) returned 1 [0026.728] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.728] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.adv")) returned 1 [0026.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.729] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.729] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.729] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="et", cAlternateFileName="")) returned 1 [0026.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.729] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.729] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.729] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.730] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd4, lpOverlapped=0x0) returned 1 [0026.730] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.730] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd4, lpOverlapped=0x0) returned 1 [0026.731] CloseHandle (hObject=0x60) returned 1 [0026.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.731] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.adv")) returned 1 [0026.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.731] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.731] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.731] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="eu", cAlternateFileName="")) returned 1 [0026.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.731] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.732] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.732] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x98, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.733] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x98, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x98, lpOverlapped=0x0) returned 1 [0026.733] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.734] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x98, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x98, lpOverlapped=0x0) returned 1 [0026.734] CloseHandle (hObject=0x60) returned 1 [0026.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.734] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.adv")) returned 1 [0026.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.734] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x98, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.734] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.734] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="fa", cAlternateFileName="")) returned 1 [0026.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.734] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.735] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.735] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.735] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.735] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.735] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.735] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xff, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xff, lpOverlapped=0x0) returned 1 [0026.736] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.736] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xff, lpOverlapped=0x0) returned 1 [0026.736] CloseHandle (hObject=0x60) returned 1 [0026.736] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.736] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.adv")) returned 1 [0026.737] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.737] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.737] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="fi", cAlternateFileName="")) returned 1 [0026.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.737] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.738] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.738] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb7, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.738] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.738] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.738] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb7, lpOverlapped=0x0) returned 1 [0026.739] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.739] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb7, lpOverlapped=0x0) returned 1 [0026.739] CloseHandle (hObject=0x60) returned 1 [0026.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.740] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.adv")) returned 1 [0026.740] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.740] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.740] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb7, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.740] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.740] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.740] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.740] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="fil", cAlternateFileName="")) returned 1 [0026.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.740] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.740] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.741] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.741] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc7, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.741] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.741] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc7, lpOverlapped=0x0) returned 1 [0026.742] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.742] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc7, lpOverlapped=0x0) returned 1 [0026.742] CloseHandle (hObject=0x60) returned 1 [0026.742] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.742] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.adv")) returned 1 [0026.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.743] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc7, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.743] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.743] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="fr", cAlternateFileName="")) returned 1 [0026.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.743] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.744] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.744] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.744] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xbb, lpOverlapped=0x0) returned 1 [0026.745] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.745] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xbb, lpOverlapped=0x0) returned 1 [0026.745] CloseHandle (hObject=0x60) returned 1 [0026.745] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.745] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.adv")) returned 1 [0026.746] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.746] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.746] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.746] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.746] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.746] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.746] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="fr_CA", cAlternateFileName="")) returned 1 [0026.746] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.746] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.746] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.747] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.747] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.747] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0026.748] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.748] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0026.748] CloseHandle (hObject=0x60) returned 1 [0026.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.748] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json.adv")) returned 1 [0026.749] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.749] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.749] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.749] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.749] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.749] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.749] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="gl", cAlternateFileName="")) returned 1 [0026.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.749] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.749] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.749] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.749] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.749] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.750] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xac, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xac, lpOverlapped=0x0) returned 1 [0026.751] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.751] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xac, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xac, lpOverlapped=0x0) returned 1 [0026.751] CloseHandle (hObject=0x60) returned 1 [0026.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.752] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.adv")) returned 1 [0026.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.752] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.752] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.752] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="gu", cAlternateFileName="")) returned 1 [0026.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.752] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.753] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.753] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.753] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11e, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x11e, lpOverlapped=0x0) returned 1 [0026.754] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.754] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11e, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x11e, lpOverlapped=0x0) returned 1 [0026.754] CloseHandle (hObject=0x60) returned 1 [0026.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.754] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.adv")) returned 1 [0026.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.755] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.755] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.755] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="hi", cAlternateFileName="")) returned 1 [0026.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.755] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.755] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.756] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.756] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.756] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.756] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.756] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13e, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x13e, lpOverlapped=0x0) returned 1 [0026.757] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.758] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x13e, lpOverlapped=0x0) returned 1 [0026.758] CloseHandle (hObject=0x60) returned 1 [0026.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.758] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.adv")) returned 1 [0026.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.758] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.758] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.758] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="hr", cAlternateFileName="")) returned 1 [0026.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.759] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.759] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.759] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.759] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.759] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc8, lpOverlapped=0x0) returned 1 [0026.760] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.760] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc8, lpOverlapped=0x0) returned 1 [0026.760] CloseHandle (hObject=0x60) returned 1 [0026.760] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.760] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.adv")) returned 1 [0026.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.761] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.761] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.761] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="hu", cAlternateFileName="")) returned 1 [0026.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.761] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.761] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.762] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc6, lpOverlapped=0x0) returned 1 [0026.763] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.763] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc6, lpOverlapped=0x0) returned 1 [0026.764] CloseHandle (hObject=0x60) returned 1 [0026.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.764] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.adv")) returned 1 [0026.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.764] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.764] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.764] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="hy", cAlternateFileName="")) returned 1 [0026.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.764] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.765] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.765] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x299, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.765] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.765] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x299, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x299, lpOverlapped=0x0) returned 1 [0026.767] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.767] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x299, lpOverlapped=0x0) returned 1 [0026.767] CloseHandle (hObject=0x60) returned 1 [0026.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.767] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.adv")) returned 1 [0026.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.767] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x299, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.767] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.768] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="id", cAlternateFileName="")) returned 1 [0026.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.768] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.768] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.768] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.769] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xbb, lpOverlapped=0x0) returned 1 [0026.770] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.770] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xbb, lpOverlapped=0x0) returned 1 [0026.770] CloseHandle (hObject=0x60) returned 1 [0026.770] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.770] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.adv")) returned 1 [0026.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.771] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.771] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.771] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="is", cAlternateFileName="")) returned 1 [0026.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.771] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.771] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.771] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.771] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.772] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb2, lpOverlapped=0x0) returned 1 [0026.772] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.772] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb2, lpOverlapped=0x0) returned 1 [0026.773] CloseHandle (hObject=0x60) returned 1 [0026.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.773] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.adv")) returned 1 [0026.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.773] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.773] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.773] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="it", cAlternateFileName="")) returned 1 [0026.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.773] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.774] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.774] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.776] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb6, lpOverlapped=0x0) returned 1 [0026.777] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.777] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb6, lpOverlapped=0x0) returned 1 [0026.777] CloseHandle (hObject=0x60) returned 1 [0026.777] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.777] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.adv")) returned 1 [0026.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.778] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.778] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.778] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="iw", cAlternateFileName="")) returned 1 [0026.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.778] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.778] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.778] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.779] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x16a, lpOverlapped=0x0) returned 1 [0026.780] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.780] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x16a, lpOverlapped=0x0) returned 1 [0026.780] CloseHandle (hObject=0x60) returned 1 [0026.780] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.780] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.adv")) returned 1 [0026.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.781] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.781] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.781] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ja", cAlternateFileName="")) returned 1 [0026.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.781] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.781] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.781] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.782] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfb, lpOverlapped=0x0) returned 1 [0026.783] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.783] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfb, lpOverlapped=0x0) returned 1 [0026.783] CloseHandle (hObject=0x60) returned 1 [0026.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.783] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.adv")) returned 1 [0026.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.784] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.784] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.784] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ka", cAlternateFileName="")) returned 1 [0026.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.784] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.784] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.784] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x165, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.785] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x165, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x165, lpOverlapped=0x0) returned 1 [0026.786] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.786] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x165, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x165, lpOverlapped=0x0) returned 1 [0026.786] CloseHandle (hObject=0x60) returned 1 [0026.786] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.786] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.adv")) returned 1 [0026.786] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.786] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.786] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x165, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.786] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.786] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.786] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.786] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="km", cAlternateFileName="")) returned 1 [0026.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.787] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.787] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.787] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x25f, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.788] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x25f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x25f, lpOverlapped=0x0) returned 1 [0026.790] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.790] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x25f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x25f, lpOverlapped=0x0) returned 1 [0026.790] CloseHandle (hObject=0x60) returned 1 [0026.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.790] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.adv")) returned 1 [0026.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.791] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x25f, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.791] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.791] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="kn", cAlternateFileName="")) returned 1 [0026.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.791] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.791] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.791] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x147, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.792] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x147, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x147, lpOverlapped=0x0) returned 1 [0026.792] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.792] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x147, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x147, lpOverlapped=0x0) returned 1 [0026.793] CloseHandle (hObject=0x60) returned 1 [0026.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.793] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.adv")) returned 1 [0026.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.793] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x147, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.793] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.793] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ko", cAlternateFileName="")) returned 1 [0026.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.793] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.794] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.794] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.794] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.794] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.794] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.794] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.795] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0026.796] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.796] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd9, lpOverlapped=0x0) returned 1 [0026.796] CloseHandle (hObject=0x60) returned 1 [0026.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.796] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.adv")) returned 1 [0026.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.796] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.796] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.796] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="lo", cAlternateFileName="")) returned 1 [0026.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.797] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.797] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.797] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.797] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x1c2, lpOverlapped=0x0) returned 1 [0026.798] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.798] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x1c2, lpOverlapped=0x0) returned 1 [0026.798] CloseHandle (hObject=0x60) returned 1 [0026.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.798] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.adv")) returned 1 [0026.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.799] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.799] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.799] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="lt", cAlternateFileName="")) returned 1 [0026.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.800] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.800] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.800] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.801] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.802] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.802] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd5, lpOverlapped=0x0) returned 1 [0026.802] CloseHandle (hObject=0x60) returned 1 [0026.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.802] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.adv")) returned 1 [0026.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.803] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.803] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.803] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="lv", cAlternateFileName="")) returned 1 [0026.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.803] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.803] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.804] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc6, lpOverlapped=0x0) returned 1 [0026.804] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.804] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc6, lpOverlapped=0x0) returned 1 [0026.805] CloseHandle (hObject=0x60) returned 1 [0026.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.805] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.adv")) returned 1 [0026.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.805] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.805] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.805] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ml", cAlternateFileName="")) returned 1 [0026.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.806] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.806] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x183, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.807] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x183, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x183, lpOverlapped=0x0) returned 1 [0026.808] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.808] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x183, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x183, lpOverlapped=0x0) returned 1 [0026.808] CloseHandle (hObject=0x60) returned 1 [0026.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.809] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.adv")) returned 1 [0026.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.809] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x183, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.809] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.809] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="mn", cAlternateFileName="")) returned 1 [0026.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.810] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.810] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c3, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.810] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x1c3, lpOverlapped=0x0) returned 1 [0026.811] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.811] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x1c3, lpOverlapped=0x0) returned 1 [0026.811] CloseHandle (hObject=0x60) returned 1 [0026.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.811] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.adv")) returned 1 [0026.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.812] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c3, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.812] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.812] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="mr", cAlternateFileName="")) returned 1 [0026.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.812] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.812] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.812] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.813] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12c, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x12c, lpOverlapped=0x0) returned 1 [0026.814] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.814] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12c, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x12c, lpOverlapped=0x0) returned 1 [0026.815] CloseHandle (hObject=0x60) returned 1 [0026.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.815] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.adv")) returned 1 [0026.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.817] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.817] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.818] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ms", cAlternateFileName="")) returned 1 [0026.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.818] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.818] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.818] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.818] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xcb, lpOverlapped=0x0) returned 1 [0026.819] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.819] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xcb, lpOverlapped=0x0) returned 1 [0026.820] CloseHandle (hObject=0x60) returned 1 [0026.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.820] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.adv")) returned 1 [0026.820] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.820] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.820] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.820] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.820] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.820] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.820] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ne", cAlternateFileName="")) returned 1 [0026.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.820] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.820] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.821] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.821] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x20b, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.821] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x20b, lpOverlapped=0x0) returned 1 [0026.822] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.822] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x20b, lpOverlapped=0x0) returned 1 [0026.822] CloseHandle (hObject=0x60) returned 1 [0026.822] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.822] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.adv")) returned 1 [0026.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.823] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x20b, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.823] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.823] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="nl", cAlternateFileName="")) returned 1 [0026.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.823] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.824] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.824] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb1, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.824] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb1, lpOverlapped=0x0) returned 1 [0026.825] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.825] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb1, lpOverlapped=0x0) returned 1 [0026.825] CloseHandle (hObject=0x60) returned 1 [0026.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.825] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.adv")) returned 1 [0026.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.826] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb1, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.826] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.826] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="no", cAlternateFileName="")) returned 1 [0026.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.826] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.826] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.826] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x96, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.827] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x96, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x96, lpOverlapped=0x0) returned 1 [0026.828] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.828] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x96, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x96, lpOverlapped=0x0) returned 1 [0026.828] CloseHandle (hObject=0x60) returned 1 [0026.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.828] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.adv")) returned 1 [0026.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.829] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x96, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.829] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.829] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="pl", cAlternateFileName="")) returned 1 [0026.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.829] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.830] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.830] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.830] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb4, lpOverlapped=0x0) returned 1 [0026.831] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.831] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb4, lpOverlapped=0x0) returned 1 [0026.831] CloseHandle (hObject=0x60) returned 1 [0026.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.831] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.adv")) returned 1 [0026.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.832] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.832] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.832] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0026.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.832] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.832] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.832] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.833] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xbb, lpOverlapped=0x0) returned 1 [0026.834] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.834] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xbb, lpOverlapped=0x0) returned 1 [0026.834] CloseHandle (hObject=0x60) returned 1 [0026.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.834] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json.adv")) returned 1 [0026.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.834] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.834] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.835] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0026.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.835] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.836] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.836] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.836] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc6, lpOverlapped=0x0) returned 1 [0026.837] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.837] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc6, lpOverlapped=0x0) returned 1 [0026.837] CloseHandle (hObject=0x60) returned 1 [0026.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.838] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json.adv")) returned 1 [0026.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.838] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.838] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.838] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ro", cAlternateFileName="")) returned 1 [0026.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.838] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.839] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.839] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.839] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.839] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.839] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.839] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xaf, lpOverlapped=0x0) returned 1 [0026.840] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.840] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xaf, lpOverlapped=0x0) returned 1 [0026.840] CloseHandle (hObject=0x60) returned 1 [0026.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.840] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.adv")) returned 1 [0026.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.841] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.841] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.841] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ru", cAlternateFileName="")) returned 1 [0026.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.841] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.842] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.842] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.842] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.842] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.842] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.842] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x119, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x119, lpOverlapped=0x0) returned 1 [0026.843] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.843] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x119, lpOverlapped=0x0) returned 1 [0026.843] CloseHandle (hObject=0x60) returned 1 [0026.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.844] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.adv")) returned 1 [0026.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.844] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.844] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.844] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="si", cAlternateFileName="")) returned 1 [0026.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.844] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.845] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.845] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.845] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14e, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x14e, lpOverlapped=0x0) returned 1 [0026.846] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.846] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14e, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x14e, lpOverlapped=0x0) returned 1 [0026.846] CloseHandle (hObject=0x60) returned 1 [0026.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.846] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.adv")) returned 1 [0026.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.847] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.847] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.847] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="sk", cAlternateFileName="")) returned 1 [0026.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.847] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.848] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.848] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc5, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.848] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc5, lpOverlapped=0x0) returned 1 [0026.849] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.849] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc5, lpOverlapped=0x0) returned 1 [0026.849] CloseHandle (hObject=0x60) returned 1 [0026.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.849] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.adv")) returned 1 [0026.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.850] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc5, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.850] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.850] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="sl", cAlternateFileName="")) returned 1 [0026.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.851] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.851] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.851] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.851] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.851] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.851] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbe, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xbe, lpOverlapped=0x0) returned 1 [0026.852] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.852] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbe, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xbe, lpOverlapped=0x0) returned 1 [0026.852] CloseHandle (hObject=0x60) returned 1 [0026.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.852] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.adv")) returned 1 [0026.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.853] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.853] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.853] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="sr", cAlternateFileName="")) returned 1 [0026.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.853] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.854] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.854] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.854] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0026.855] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.855] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x104, lpOverlapped=0x0) returned 1 [0026.855] CloseHandle (hObject=0x60) returned 1 [0026.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.856] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.adv")) returned 1 [0026.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.856] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.856] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.856] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="sv", cAlternateFileName="")) returned 1 [0026.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.857] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.857] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.857] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.858] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.858] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb3, lpOverlapped=0x0) returned 1 [0026.858] CloseHandle (hObject=0x60) returned 1 [0026.858] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.858] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.adv")) returned 1 [0026.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.859] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.859] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.859] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="sw", cAlternateFileName="")) returned 1 [0026.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.859] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.860] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.860] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.860] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc4, lpOverlapped=0x0) returned 1 [0026.861] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.861] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc4, lpOverlapped=0x0) returned 1 [0026.861] CloseHandle (hObject=0x60) returned 1 [0026.861] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.862] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.adv")) returned 1 [0026.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.862] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.862] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.862] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ta", cAlternateFileName="")) returned 1 [0026.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.862] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.862] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.862] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x150, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.863] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.863] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x150, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x150, lpOverlapped=0x0) returned 1 [0026.864] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.864] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x150, lpOverlapped=0x0) returned 1 [0026.864] CloseHandle (hObject=0x60) returned 1 [0026.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.864] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.adv")) returned 1 [0026.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.865] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x150, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.865] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.865] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="te", cAlternateFileName="")) returned 1 [0026.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.865] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.866] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.866] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.866] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x115, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x115, lpOverlapped=0x0) returned 1 [0026.867] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.867] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x115, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x115, lpOverlapped=0x0) returned 1 [0026.867] CloseHandle (hObject=0x60) returned 1 [0026.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.867] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.adv")) returned 1 [0026.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.868] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.868] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.868] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="th", cAlternateFileName="")) returned 1 [0026.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.868] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.868] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.868] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.869] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x125, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x125, lpOverlapped=0x0) returned 1 [0026.870] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.870] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x125, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x125, lpOverlapped=0x0) returned 1 [0026.870] CloseHandle (hObject=0x60) returned 1 [0026.870] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.870] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.adv")) returned 1 [0026.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.870] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.870] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.871] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="tr", cAlternateFileName="")) returned 1 [0026.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.871] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.872] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.872] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcd, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.872] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.872] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.872] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.872] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xcd, lpOverlapped=0x0) returned 1 [0026.873] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.873] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xcd, lpOverlapped=0x0) returned 1 [0026.873] CloseHandle (hObject=0x60) returned 1 [0026.873] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.873] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.adv")) returned 1 [0026.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.874] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcd, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.874] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.874] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="uk", cAlternateFileName="")) returned 1 [0026.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.874] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.874] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.874] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.875] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x115, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x115, lpOverlapped=0x0) returned 1 [0026.875] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.876] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x115, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x115, lpOverlapped=0x0) returned 1 [0026.876] CloseHandle (hObject=0x60) returned 1 [0026.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.876] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.adv")) returned 1 [0026.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.876] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.876] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.876] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="ur", cAlternateFileName="")) returned 1 [0026.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.876] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.878] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.878] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x177, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.878] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.878] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x177, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x177, lpOverlapped=0x0) returned 1 [0026.879] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.879] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x177, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x177, lpOverlapped=0x0) returned 1 [0026.879] CloseHandle (hObject=0x60) returned 1 [0026.879] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.adv")) returned 1 [0026.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.880] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x177, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.880] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.880] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="vi", cAlternateFileName="")) returned 1 [0026.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.880] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.880] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.880] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.880] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0026.882] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.882] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdd, lpOverlapped=0x0) returned 1 [0026.882] CloseHandle (hObject=0x60) returned 1 [0026.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.882] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.adv")) returned 1 [0026.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.882] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.882] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.883] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.883] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0026.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.883] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.883] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.883] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.883] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.884] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.884] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.884] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.884] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xb0, lpOverlapped=0x0) returned 1 [0026.885] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.885] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xb0, lpOverlapped=0x0) returned 1 [0026.885] CloseHandle (hObject=0x60) returned 1 [0026.885] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.885] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json.adv")) returned 1 [0026.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.886] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.886] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.886] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="zh_HK", cAlternateFileName="")) returned 1 [0026.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.886] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.886] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.886] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.887] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0026.888] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.888] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0026.888] CloseHandle (hObject=0x60) returned 1 [0026.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.888] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json.adv")) returned 1 [0026.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.888] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.889] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.889] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0026.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.889] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.890] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.890] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaa, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.890] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaa, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xaa, lpOverlapped=0x0) returned 1 [0026.891] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.891] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaa, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xaa, lpOverlapped=0x0) returned 1 [0026.891] CloseHandle (hObject=0x60) returned 1 [0026.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.891] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json.adv")) returned 1 [0026.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.892] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaa, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.892] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.892] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="zu", cAlternateFileName="")) returned 1 [0026.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0026.892] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.892] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="..", cAlternateFileName="")) returned 1 [0026.892] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xc2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0026.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0026.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0026.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.893] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xc2, lpOverlapped=0x0) returned 1 [0026.893] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.894] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xc2, lpOverlapped=0x0) returned 1 [0026.894] CloseHandle (hObject=0x60) returned 1 [0026.894] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0026.894] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.adv")) returned 1 [0026.894] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0026.894] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0026.894] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xc2, dwReserved0=0x1d2dd9e, dwReserved1=0x85fec7e0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.894] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.894] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.894] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.894] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="zu", cAlternateFileName="")) returned 0 [0026.894] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.894] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0026.895] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.895] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0026.895] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0026.895] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0026.895] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0026.895] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.895] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0026.895] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.896] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="..", cAlternateFileName="")) returned 1 [0026.896] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8636e710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf3, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0026.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.896] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaf3, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0xaf3, lpOverlapped=0x0) returned 1 [0026.898] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.898] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaf3, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0xaf3, lpOverlapped=0x0) returned 1 [0026.898] CloseHandle (hObject=0x5c) returned 1 [0026.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fa8 [0026.898] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.adv")) returned 1 [0026.898] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.898] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.898] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x4454, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0026.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0026.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0026.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0026.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.899] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4454, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x4454, lpOverlapped=0x0) returned 1 [0026.900] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.900] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4454, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x4454, lpOverlapped=0x0) returned 1 [0026.901] CloseHandle (hObject=0x5c) returned 1 [0026.901] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fa8 [0026.901] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.adv")) returned 1 [0026.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0026.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0026.901] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x4454, dwReserved0=0x0, dwReserved1=0x7b9, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0026.901] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0026.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0026.901] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86322450, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0026.901] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0026.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0026.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0026.901] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="1.4_0", cAlternateFileName="")) returned 0 [0026.901] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0026.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4c0 | out: hHeap=0x6d0000) returned 1 [0026.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0026.902] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="nmmhkkegccagdldgiimedpiccmgmieda", cAlternateFileName="NMMHKK~1")) returned 1 [0026.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0026.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec2b8 [0026.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0026.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ec4c0 [0026.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.902] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0026.902] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0026.902] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="1.0.0.2_0", cAlternateFileName="100~1.2_0")) returned 1 [0026.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0026.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ed638 [0026.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0026.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0026.902] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0026.906] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="..", cAlternateFileName="")) returned 1 [0026.906] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82888510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8288ac20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xba221600, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x32a2e, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="craw_background.js", cAlternateFileName="CRAW_B~1.JS")) returned 1 [0026.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef9d0 [0026.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efae8 [0026.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9d0 | out: hHeap=0x6d0000) returned 1 [0026.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.907] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x32a2e, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x32a2e, lpOverlapped=0x0) returned 1 [0026.911] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.911] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x32a2e, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x32a2e, lpOverlapped=0x0) returned 1 [0026.912] CloseHandle (hObject=0x58) returned 1 [0026.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efc88 [0026.912] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.adv")) returned 1 [0026.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0026.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efae8 | out: hHeap=0x6d0000) returned 1 [0026.913] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8288d330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82892150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xba221600, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x3b059, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="craw_window.js", cAlternateFileName="CRAW_W~1.JS")) returned 1 [0026.913] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef9d0 [0026.913] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efae8 [0026.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9d0 | out: hHeap=0x6d0000) returned 1 [0026.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.914] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3b059, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x3b059, lpOverlapped=0x0) returned 1 [0026.918] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.918] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3b059, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x3b059, lpOverlapped=0x0) returned 1 [0026.919] CloseHandle (hObject=0x58) returned 1 [0026.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efc88 [0026.919] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.adv")) returned 1 [0026.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0026.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efae8 | out: hHeap=0x6d0000) returned 1 [0026.919] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="css", cAlternateFileName="")) returned 1 [0026.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef9d0 [0026.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efae8 [0026.919] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.920] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="..", cAlternateFileName="")) returned 1 [0026.920] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82899680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaae46e00, ftLastWriteTime.dwHighDateTime=0x1cec2fb, nFileSizeHigh=0x0, nFileSizeLow=0x6cd, dwReserved0=0x0, dwReserved1=0x792, cFileName="craw_window.css", cAlternateFileName="CRAW_W~1.CSS")) returned 1 [0026.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f0c08 [0026.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0d20 [0026.920] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c08 | out: hHeap=0x6d0000) returned 1 [0026.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.920] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6cd, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x6cd, lpOverlapped=0x0) returned 1 [0026.922] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.922] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6cd, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x6cd, lpOverlapped=0x0) returned 1 [0026.922] CloseHandle (hObject=0x5c) returned 1 [0026.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f0ec0 [0026.922] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.adv")) returned 1 [0026.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ec0 | out: hHeap=0x6d0000) returned 1 [0026.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d20 | out: hHeap=0x6d0000) returned 1 [0026.922] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82899680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaae46e00, ftLastWriteTime.dwHighDateTime=0x1cec2fb, nFileSizeHigh=0x0, nFileSizeLow=0x6cd, dwReserved0=0x0, dwReserved1=0x792, cFileName="craw_window.css", cAlternateFileName="CRAW_W~1.CSS")) returned 0 [0026.922] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efae8 | out: hHeap=0x6d0000) returned 1 [0026.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9d0 | out: hHeap=0x6d0000) returned 1 [0026.923] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="html", cAlternateFileName="")) returned 1 [0026.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef9d0 [0026.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efae8 [0026.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc00 [0026.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efae8 | out: hHeap=0x6d0000) returned 1 [0026.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.923] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="..", cAlternateFileName="")) returned 1 [0026.923] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a0bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x32a, dwReserved0=0x0, dwReserved1=0x792, cFileName="craw_window.html", cAlternateFileName="CRAW_W~1.HTM")) returned 1 [0026.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efae8 [0026.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0da8 [0026.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efae8 | out: hHeap=0x6d0000) returned 1 [0026.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.924] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x32a, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x32a, lpOverlapped=0x0) returned 1 [0026.926] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.926] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x32a, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x32a, lpOverlapped=0x0) returned 1 [0026.926] CloseHandle (hObject=0x5c) returned 1 [0026.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f0f48 [0026.926] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.adv")) returned 1 [0026.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f48 | out: hHeap=0x6d0000) returned 1 [0026.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0da8 | out: hHeap=0x6d0000) returned 1 [0026.926] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a0bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x32a, dwReserved0=0x0, dwReserved1=0x792, cFileName="craw_window.html", cAlternateFileName="CRAW_W~1.HTM")) returned 0 [0026.926] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc00 | out: hHeap=0x6d0000) returned 1 [0026.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9d0 | out: hHeap=0x6d0000) returned 1 [0026.927] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="images", cAlternateFileName="")) returned 1 [0026.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef9d0 [0026.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efae8 [0026.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9d0 | out: hHeap=0x6d0000) returned 1 [0026.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efc88 [0026.927] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.928] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="..", cAlternateFileName="")) returned 1 [0026.929] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a80e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828aa7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x112dc, dwReserved0=0x0, dwReserved1=0x792, cFileName="flapper.gif", cAlternateFileName="")) returned 1 [0026.929] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.929] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.929] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x112dc, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x112dc, lpOverlapped=0x0) returned 1 [0026.931] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.931] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x112dc, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x112dc, lpOverlapped=0x0) returned 1 [0026.932] CloseHandle (hObject=0x5c) returned 1 [0026.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f1098 [0026.932] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.adv")) returned 1 [0026.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.932] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828af610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1109, dwReserved0=0x0, dwReserved1=0x792, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0026.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.932] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1109, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x1109, lpOverlapped=0x0) returned 1 [0026.934] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.934] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1109, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x1109, lpOverlapped=0x0) returned 1 [0026.934] CloseHandle (hObject=0x5c) returned 1 [0026.934] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f1098 [0026.934] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.adv")) returned 1 [0026.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.935] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828c7cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22c, dwReserved0=0x0, dwReserved1=0x792, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0026.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.935] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.936] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x22c, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x22c, lpOverlapped=0x0) returned 1 [0026.937] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.937] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x22c, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x22c, lpOverlapped=0x0) returned 1 [0026.937] CloseHandle (hObject=0x5c) returned 1 [0026.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f1098 [0026.937] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.adv")) returned 1 [0026.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.937] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ccad0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ccad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x792, cFileName="topbar_floating_button.png", cAlternateFileName="TOPBAR~1.PNG")) returned 1 [0026.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.938] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0xa0, lpOverlapped=0x0) returned 1 [0026.939] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.939] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0xa0, lpOverlapped=0x0) returned 1 [0026.939] CloseHandle (hObject=0x5c) returned 1 [0026.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f1098 [0026.939] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.adv")) returned 1 [0026.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.939] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828cf1e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d18f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x792, cFileName="topbar_floating_button_close.png", cAlternateFileName="TOPBAR~2.PNG")) returned 1 [0026.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.940] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfc, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0xfc, lpOverlapped=0x0) returned 1 [0026.941] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.941] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0xfc, lpOverlapped=0x0) returned 1 [0026.941] CloseHandle (hObject=0x5c) returned 1 [0026.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f1098 [0026.941] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.adv")) returned 1 [0026.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.942] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d6710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d6710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x792, cFileName="topbar_floating_button_hover.png", cAlternateFileName="TOPBAR~3.PNG")) returned 1 [0026.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.942] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0xa0, lpOverlapped=0x0) returned 1 [0026.943] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.943] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0xa0, lpOverlapped=0x0) returned 1 [0026.943] CloseHandle (hObject=0x5c) returned 1 [0026.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f1098 [0026.943] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.adv")) returned 1 [0026.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.944] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d8e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d8e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa6, dwReserved0=0x0, dwReserved1=0x792, cFileName="topbar_floating_button_maximize.png", cAlternateFileName="TOPBAR~4.PNG")) returned 1 [0026.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.945] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa6, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0xa6, lpOverlapped=0x0) returned 1 [0026.946] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.946] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa6, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0xa6, lpOverlapped=0x0) returned 1 [0026.946] CloseHandle (hObject=0x5c) returned 1 [0026.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x170) returned 0x6f1098 [0026.946] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.adv")) returned 1 [0026.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.947] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ddc40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ddc40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x792, cFileName="topbar_floating_button_pressed.png", cAlternateFileName="TOF9E1~1.PNG")) returned 1 [0026.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0026.947] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0xa0, lpOverlapped=0x0) returned 1 [0026.948] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.948] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0xa0, lpOverlapped=0x0) returned 1 [0026.948] CloseHandle (hObject=0x5c) returned 1 [0026.948] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f1098 [0026.948] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.adv")) returned 1 [0026.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.949] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ddc40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ddc40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x792, cFileName="topbar_floating_button_pressed.png", cAlternateFileName="TOF9E1~1.PNG")) returned 0 [0026.949] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0026.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0026.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efae8 | out: hHeap=0x6d0000) returned 1 [0026.949] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826545a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e2a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aa3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0026.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef9d0 [0026.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efae8 [0026.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9d0 | out: hHeap=0x6d0000) returned 1 [0026.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0026.949] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x52a, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x52a, lpOverlapped=0x0) returned 1 [0026.951] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.951] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x52a, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x52a, lpOverlapped=0x0) returned 1 [0026.951] CloseHandle (hObject=0x58) returned 1 [0026.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efc88 [0026.951] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.adv")) returned 1 [0026.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0026.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efae8 | out: hHeap=0x6d0000) returned 1 [0026.954] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="_locales", cAlternateFileName="")) returned 1 [0026.954] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef9d0 [0026.954] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efae8 [0026.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9d0 | out: hHeap=0x6d0000) returned 1 [0026.954] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efc88 [0026.954] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0026.955] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="..", cAlternateFileName="")) returned 1 [0026.955] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="bg", cAlternateFileName="")) returned 1 [0026.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.955] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.955] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.955] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8266f350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x376, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.956] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x376, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x376, lpOverlapped=0x0) returned 1 [0026.958] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.958] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x376, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x376, lpOverlapped=0x0) returned 1 [0026.958] CloseHandle (hObject=0x60) returned 1 [0026.958] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0026.958] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.adv")) returned 1 [0026.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0026.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0026.959] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8266f350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x376, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.959] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.959] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="ca", cAlternateFileName="")) returned 1 [0026.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.959] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.960] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.960] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8267ddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.960] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2c1, lpOverlapped=0x0) returned 1 [0026.962] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.962] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2c1, lpOverlapped=0x0) returned 1 [0026.962] CloseHandle (hObject=0x60) returned 1 [0026.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0026.962] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.adv")) returned 1 [0026.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0026.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0026.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8267ddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.963] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.963] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="cs", cAlternateFileName="")) returned 1 [0026.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826a27a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x297, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.964] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x297, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x297, lpOverlapped=0x0) returned 1 [0026.966] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.966] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x297, lpOverlapped=0x0) returned 1 [0026.966] CloseHandle (hObject=0x60) returned 1 [0026.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0026.966] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.adv")) returned 1 [0026.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0026.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0026.966] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826a27a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x297, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.966] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.966] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="da", cAlternateFileName="")) returned 1 [0026.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.967] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.967] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826b1200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.967] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x282, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x282, lpOverlapped=0x0) returned 1 [0026.971] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.971] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x282, lpOverlapped=0x0) returned 1 [0026.971] CloseHandle (hObject=0x60) returned 1 [0026.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0026.972] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.adv")) returned 1 [0026.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0026.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0026.972] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826b1200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.972] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.972] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="de", cAlternateFileName="")) returned 1 [0026.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.973] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.973] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.973] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bd, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.974] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2bd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2bd, lpOverlapped=0x0) returned 1 [0026.975] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.975] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2bd, lpOverlapped=0x0) returned 1 [0026.975] CloseHandle (hObject=0x60) returned 1 [0026.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0026.976] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.adv")) returned 1 [0026.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0026.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0026.976] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bd, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.976] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.976] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="el", cAlternateFileName="")) returned 1 [0026.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.976] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.976] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.977] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826c7190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.977] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x36b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x36b, lpOverlapped=0x0) returned 1 [0026.979] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.979] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x36b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x36b, lpOverlapped=0x0) returned 1 [0026.979] CloseHandle (hObject=0x60) returned 1 [0026.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0026.979] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.adv")) returned 1 [0026.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0026.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0026.979] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826c7190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.979] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.979] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="en", cAlternateFileName="")) returned 1 [0026.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.980] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.980] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.980] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826d0dd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d34e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.981] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x269, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x269, lpOverlapped=0x0) returned 1 [0026.982] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.982] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x269, lpOverlapped=0x0) returned 1 [0026.982] CloseHandle (hObject=0x60) returned 1 [0026.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0026.983] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.adv")) returned 1 [0026.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0026.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0026.983] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826d0dd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d34e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.983] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.983] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="en_GB", cAlternateFileName="")) returned 1 [0026.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f1098 [0026.983] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.984] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.984] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826df830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826e1f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f21d8 [0026.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2310 [0026.984] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f21d8 | out: hHeap=0x6d0000) returned 1 [0026.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.984] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x269, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x269, lpOverlapped=0x0) returned 1 [0026.986] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.986] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x269, lpOverlapped=0x0) returned 1 [0026.986] CloseHandle (hObject=0x60) returned 1 [0026.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f24e0 [0026.986] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json.adv")) returned 1 [0026.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f24e0 | out: hHeap=0x6d0000) returned 1 [0026.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2310 | out: hHeap=0x6d0000) returned 1 [0026.986] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826df830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826e1f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.986] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.986] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="es", cAlternateFileName="")) returned 1 [0026.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.987] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.987] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.987] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826ebb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b8, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.988] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2b8, lpOverlapped=0x0) returned 1 [0026.989] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.989] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2b8, lpOverlapped=0x0) returned 1 [0026.989] CloseHandle (hObject=0x60) returned 1 [0026.989] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0026.990] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.adv")) returned 1 [0026.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0026.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0026.990] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826ebb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b8, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.990] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.990] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="es_419", cAlternateFileName="")) returned 1 [0026.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0026.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f1098 [0026.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.991] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.991] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826f7ed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f21d8 [0026.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2310 [0026.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f21d8 | out: hHeap=0x6d0000) returned 1 [0026.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.991] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x29b, lpOverlapped=0x0) returned 1 [0026.993] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.993] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x29b, lpOverlapped=0x0) returned 1 [0026.993] CloseHandle (hObject=0x60) returned 1 [0026.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f24e0 [0026.993] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.adv")) returned 1 [0026.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f24e0 | out: hHeap=0x6d0000) returned 1 [0026.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2310 | out: hHeap=0x6d0000) returned 1 [0026.994] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826f7ed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.994] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0026.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.994] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="et", cAlternateFileName="")) returned 1 [0026.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.994] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.994] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82701b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82704220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x261, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.995] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x261, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x261, lpOverlapped=0x0) returned 1 [0026.996] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0026.996] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x261, lpOverlapped=0x0) returned 1 [0026.996] CloseHandle (hObject=0x60) returned 1 [0026.996] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0026.996] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.adv")) returned 1 [0026.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0026.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0026.997] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82701b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82704220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x261, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0026.997] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0026.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0026.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0026.997] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="fi", cAlternateFileName="")) returned 1 [0026.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0026.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0026.997] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0026.997] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0026.997] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8270de60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a1, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0026.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0026.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0026.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0026.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0026.998] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2a1, lpOverlapped=0x0) returned 1 [0027.000] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.000] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2a1, lpOverlapped=0x0) returned 1 [0027.000] CloseHandle (hObject=0x60) returned 1 [0027.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.000] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.adv")) returned 1 [0027.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.000] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8270de60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a1, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.000] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.001] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="fil", cAlternateFileName="")) returned 1 [0027.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f1008 [0027.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.001] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.001] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.001] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82717aa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b4, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f21c8 [0027.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.002] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2b4, lpOverlapped=0x0) returned 1 [0027.003] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.003] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2b4, lpOverlapped=0x0) returned 1 [0027.004] CloseHandle (hObject=0x60) returned 1 [0027.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f2380 [0027.004] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.adv")) returned 1 [0027.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2380 | out: hHeap=0x6d0000) returned 1 [0027.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f21c8 | out: hHeap=0x6d0000) returned 1 [0027.004] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82717aa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b4, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.004] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1008 | out: hHeap=0x6d0000) returned 1 [0027.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.004] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="fr", cAlternateFileName="")) returned 1 [0027.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.005] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.005] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827216e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82723df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c4, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.005] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2c4, lpOverlapped=0x0) returned 1 [0027.007] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.007] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2c4, lpOverlapped=0x0) returned 1 [0027.007] CloseHandle (hObject=0x60) returned 1 [0027.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.007] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.adv")) returned 1 [0027.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.008] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827216e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82723df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c4, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.008] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.008] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="hi", cAlternateFileName="")) returned 1 [0027.008] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.008] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.008] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.008] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.008] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8272da30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ad, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.008] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.008] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.009] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3ad, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3ad, lpOverlapped=0x0) returned 1 [0027.011] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.011] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3ad, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3ad, lpOverlapped=0x0) returned 1 [0027.011] CloseHandle (hObject=0x60) returned 1 [0027.011] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.011] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.adv")) returned 1 [0027.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.011] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8272da30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ad, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.012] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.012] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="hr", cAlternateFileName="")) returned 1 [0027.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.012] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.012] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.012] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827439c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827460d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x279, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.012] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x279, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x279, lpOverlapped=0x0) returned 1 [0027.014] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.014] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x279, lpOverlapped=0x0) returned 1 [0027.014] CloseHandle (hObject=0x60) returned 1 [0027.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.014] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.adv")) returned 1 [0027.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.015] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827439c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827460d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x279, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.015] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.015] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="hu", cAlternateFileName="")) returned 1 [0027.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.015] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.016] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.016] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8274d600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274fd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c6, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.017] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2c6, lpOverlapped=0x0) returned 1 [0027.018] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.018] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2c6, lpOverlapped=0x0) returned 1 [0027.018] CloseHandle (hObject=0x60) returned 1 [0027.018] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.019] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.adv")) returned 1 [0027.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.019] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8274d600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274fd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c6, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.019] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.019] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="id", cAlternateFileName="")) returned 1 [0027.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.019] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.020] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.020] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.020] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x269, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x269, lpOverlapped=0x0) returned 1 [0027.022] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.022] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x269, lpOverlapped=0x0) returned 1 [0027.022] CloseHandle (hObject=0x60) returned 1 [0027.022] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.022] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.adv")) returned 1 [0027.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.023] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.023] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.023] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="it", cAlternateFileName="")) returned 1 [0027.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.023] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.023] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.023] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8275c060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x26e, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.024] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x26e, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x26e, lpOverlapped=0x0) returned 1 [0027.026] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.026] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x26e, lpOverlapped=0x0) returned 1 [0027.026] CloseHandle (hObject=0x60) returned 1 [0027.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.026] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.adv")) returned 1 [0027.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.027] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8275c060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x26e, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.027] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.027] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="ja", cAlternateFileName="")) returned 1 [0027.027] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.027] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.027] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.027] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.027] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82765ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30a, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.027] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.027] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.028] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x30a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x30a, lpOverlapped=0x0) returned 1 [0027.029] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.029] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x30a, lpOverlapped=0x0) returned 1 [0027.029] CloseHandle (hObject=0x60) returned 1 [0027.029] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.029] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.adv")) returned 1 [0027.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.030] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82765ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30a, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.030] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.030] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="ko", cAlternateFileName="")) returned 1 [0027.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.030] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.030] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.030] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8276f8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29d, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.031] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29d, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x29d, lpOverlapped=0x0) returned 1 [0027.033] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.033] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x29d, lpOverlapped=0x0) returned 1 [0027.033] CloseHandle (hObject=0x60) returned 1 [0027.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.033] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.adv")) returned 1 [0027.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.034] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8276f8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29d, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.034] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.034] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="lt", cAlternateFileName="")) returned 1 [0027.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.034] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.034] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.034] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82779520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ae, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.034] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2ae, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2ae, lpOverlapped=0x0) returned 1 [0027.036] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.036] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2ae, lpOverlapped=0x0) returned 1 [0027.036] CloseHandle (hObject=0x60) returned 1 [0027.036] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.036] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.adv")) returned 1 [0027.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.037] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82779520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ae, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.037] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.037] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="lv", cAlternateFileName="")) returned 1 [0027.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.037] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.037] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.037] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82783160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bb, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.038] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.038] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2bb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2bb, lpOverlapped=0x0) returned 1 [0027.040] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.040] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2bb, lpOverlapped=0x0) returned 1 [0027.040] CloseHandle (hObject=0x60) returned 1 [0027.040] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.040] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.adv")) returned 1 [0027.040] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.040] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.041] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82783160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bb, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.041] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.041] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="nb", cAlternateFileName="")) returned 1 [0027.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.041] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.041] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.041] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8278a690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x284, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.041] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x284, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x284, lpOverlapped=0x0) returned 1 [0027.043] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.043] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x284, lpOverlapped=0x0) returned 1 [0027.043] CloseHandle (hObject=0x60) returned 1 [0027.043] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.043] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.adv")) returned 1 [0027.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.044] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8278a690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x284, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.044] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.044] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="nl", cAlternateFileName="")) returned 1 [0027.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.044] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.044] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.044] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827942d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827969e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.045] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x282, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x282, lpOverlapped=0x0) returned 1 [0027.046] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.046] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x282, lpOverlapped=0x0) returned 1 [0027.047] CloseHandle (hObject=0x60) returned 1 [0027.047] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.047] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.adv")) returned 1 [0027.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.047] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827942d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827969e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.047] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.047] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="pl", cAlternateFileName="")) returned 1 [0027.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.048] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.048] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.048] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8279df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.048] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x29a, lpOverlapped=0x0) returned 1 [0027.050] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.050] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x29a, lpOverlapped=0x0) returned 1 [0027.050] CloseHandle (hObject=0x60) returned 1 [0027.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.050] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.adv")) returned 1 [0027.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.051] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8279df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.051] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.051] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0027.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0027.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f1098 [0027.051] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.051] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.051] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827a5440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f21d8 [0027.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2310 [0027.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f21d8 | out: hHeap=0x6d0000) returned 1 [0027.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.052] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x29b, lpOverlapped=0x0) returned 1 [0027.054] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.054] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x29b, lpOverlapped=0x0) returned 1 [0027.054] CloseHandle (hObject=0x60) returned 1 [0027.054] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f24e0 [0027.054] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json.adv")) returned 1 [0027.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f24e0 | out: hHeap=0x6d0000) returned 1 [0027.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2310 | out: hHeap=0x6d0000) returned 1 [0027.055] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827a5440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.055] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0027.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.055] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0027.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0027.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f1098 [0027.055] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.055] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.055] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827af080, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x295, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f21d8 [0027.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2310 [0027.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f21d8 | out: hHeap=0x6d0000) returned 1 [0027.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.056] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x295, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x295, lpOverlapped=0x0) returned 1 [0027.057] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.057] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x295, lpOverlapped=0x0) returned 1 [0027.057] CloseHandle (hObject=0x60) returned 1 [0027.057] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f24e0 [0027.058] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json.adv")) returned 1 [0027.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f24e0 | out: hHeap=0x6d0000) returned 1 [0027.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2310 | out: hHeap=0x6d0000) returned 1 [0027.058] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827af080, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x295, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.058] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0027.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.058] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="ro", cAlternateFileName="")) returned 1 [0027.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.058] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.058] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.058] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827b65b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b8cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.059] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29c, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x29c, lpOverlapped=0x0) returned 1 [0027.061] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.061] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x29c, lpOverlapped=0x0) returned 1 [0027.061] CloseHandle (hObject=0x60) returned 1 [0027.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.061] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.adv")) returned 1 [0027.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.062] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827b65b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b8cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.062] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.062] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="ru", cAlternateFileName="")) returned 1 [0027.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.062] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.062] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.062] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827cc540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cec50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30f, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.063] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x30f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x30f, lpOverlapped=0x0) returned 1 [0027.064] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.064] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x30f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x30f, lpOverlapped=0x0) returned 1 [0027.064] CloseHandle (hObject=0x60) returned 1 [0027.064] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.adv")) returned 1 [0027.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.065] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827cc540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cec50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30f, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.065] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.065] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="sk", cAlternateFileName="")) returned 1 [0027.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.065] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.065] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.065] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827e72f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e9a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29f, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.066] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x29f, lpOverlapped=0x0) returned 1 [0027.068] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.068] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x29f, lpOverlapped=0x0) returned 1 [0027.068] CloseHandle (hObject=0x60) returned 1 [0027.068] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.068] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.adv")) returned 1 [0027.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.069] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827e72f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e9a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29f, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.069] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.069] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="sl", cAlternateFileName="")) returned 1 [0027.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.069] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.069] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.069] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827fab70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fd280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.070] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x282, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x282, lpOverlapped=0x0) returned 1 [0027.071] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.071] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x282, lpOverlapped=0x0) returned 1 [0027.072] CloseHandle (hObject=0x60) returned 1 [0027.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.072] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.adv")) returned 1 [0027.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.072] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827fab70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fd280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.072] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.072] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="sr", cAlternateFileName="")) returned 1 [0027.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.072] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.073] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.073] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8280e3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82821c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x32c, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.074] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x32c, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x32c, lpOverlapped=0x0) returned 1 [0027.075] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.075] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x32c, lpOverlapped=0x0) returned 1 [0027.075] CloseHandle (hObject=0x60) returned 1 [0027.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.075] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.adv")) returned 1 [0027.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.076] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8280e3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82821c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x32c, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.076] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.076] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="sv", cAlternateFileName="")) returned 1 [0027.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.076] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.076] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.076] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828306d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8283ca20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.077] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x289, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x289, lpOverlapped=0x0) returned 1 [0027.079] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.079] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x289, lpOverlapped=0x0) returned 1 [0027.079] CloseHandle (hObject=0x60) returned 1 [0027.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.079] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.adv")) returned 1 [0027.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.079] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828306d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8283ca20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.080] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.080] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="th", cAlternateFileName="")) returned 1 [0027.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.080] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.080] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.080] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828529b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x44b, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.081] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x44b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x44b, lpOverlapped=0x0) returned 1 [0027.082] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.082] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x44b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x44b, lpOverlapped=0x0) returned 1 [0027.083] CloseHandle (hObject=0x60) returned 1 [0027.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.083] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.adv")) returned 1 [0027.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.083] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828529b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x44b, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.083] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.083] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="tr", cAlternateFileName="")) returned 1 [0027.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.083] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.084] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.084] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82866230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28a, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.084] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x28a, lpOverlapped=0x0) returned 1 [0027.086] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.086] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x28a, lpOverlapped=0x0) returned 1 [0027.086] CloseHandle (hObject=0x60) returned 1 [0027.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.086] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.adv")) returned 1 [0027.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.086] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82866230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28a, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.086] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.087] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="uk", cAlternateFileName="")) returned 1 [0027.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.087] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.087] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.087] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8286d760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x315, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.088] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x315, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x315, lpOverlapped=0x0) returned 1 [0027.089] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.089] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x315, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x315, lpOverlapped=0x0) returned 1 [0027.090] CloseHandle (hObject=0x60) returned 1 [0027.090] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.090] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.adv")) returned 1 [0027.090] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.090] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.090] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8286d760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x315, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.090] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.090] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.090] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.090] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="vi", cAlternateFileName="")) returned 1 [0027.090] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.090] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0ee0 [0027.090] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.091] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.091] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82874c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f2010 [0027.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2138 [0027.091] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2010 | out: hHeap=0x6d0000) returned 1 [0027.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.091] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d0, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x2d0, lpOverlapped=0x0) returned 1 [0027.093] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.093] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x2d0, lpOverlapped=0x0) returned 1 [0027.093] CloseHandle (hObject=0x60) returned 1 [0027.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f22f0 [0027.093] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.adv")) returned 1 [0027.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2138 | out: hHeap=0x6d0000) returned 1 [0027.093] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82874c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.093] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.093] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0027.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0027.094] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f1098 [0027.094] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.094] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.094] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8287e8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x253, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f21d8 [0027.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2310 [0027.094] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f21d8 | out: hHeap=0x6d0000) returned 1 [0027.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.094] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x253, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x253, lpOverlapped=0x0) returned 1 [0027.096] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.096] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x253, lpOverlapped=0x0) returned 1 [0027.096] CloseHandle (hObject=0x60) returned 1 [0027.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f24e0 [0027.096] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json.adv")) returned 1 [0027.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f24e0 | out: hHeap=0x6d0000) returned 1 [0027.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2310 | out: hHeap=0x6d0000) returned 1 [0027.097] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8287e8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x253, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.097] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0027.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.097] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0027.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0027.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f1098 [0027.097] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.097] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="..", cAlternateFileName="")) returned 1 [0027.097] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82885e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x280, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f21d8 [0027.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2310 [0027.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f21d8 | out: hHeap=0x6d0000) returned 1 [0027.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.098] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x280, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x280, lpOverlapped=0x0) returned 1 [0027.101] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.101] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x280, lpOverlapped=0x0) returned 1 [0027.101] CloseHandle (hObject=0x60) returned 1 [0027.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f24e0 [0027.102] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json.adv")) returned 1 [0027.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f24e0 | out: hHeap=0x6d0000) returned 1 [0027.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2310 | out: hHeap=0x6d0000) returned 1 [0027.102] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82885e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x280, dwReserved0=0x1d2dd9e, dwReserved1=0x828836f0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.102] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0027.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.102] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0027.102] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0027.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efae8 | out: hHeap=0x6d0000) returned 1 [0027.102] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0027.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef9d0 [0027.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efae8 [0027.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9d0 | out: hHeap=0x6d0000) returned 1 [0027.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efc88 [0027.103] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.103] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x792, cFileName="..", cAlternateFileName="")) returned 1 [0027.103] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828e9f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb7bfbc00, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x2dfa, dwReserved0=0x0, dwReserved1=0x792, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0027.103] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0db8 [0027.103] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ee0 [0027.103] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.103] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2dfa, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x2dfa, lpOverlapped=0x0) returned 1 [0027.104] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.105] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2dfa, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x2dfa, lpOverlapped=0x0) returned 1 [0027.105] CloseHandle (hObject=0x5c) returned 1 [0027.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f1098 [0027.105] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.adv")) returned 1 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1098 | out: hHeap=0x6d0000) returned 1 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ee0 | out: hHeap=0x6d0000) returned 1 [0027.108] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828e9f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb7bfbc00, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x2dfa, dwReserved0=0x0, dwReserved1=0x792, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0027.108] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efae8 | out: hHeap=0x6d0000) returned 1 [0027.108] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x82abeb90, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0027.108] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0027.108] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="1.0.0.2_0", cAlternateFileName="100~1.2_0")) returned 0 [0027.108] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4c0 | out: hHeap=0x6d0000) returned 1 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0027.108] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="pjkljhegncpnkpknbcohdijeoejaedia", cAlternateFileName="PJKLJH~1")) returned 1 [0027.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0027.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec2b8 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0027.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ec4c0 [0027.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0027.108] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.109] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0027.109] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="8.1_0", cAlternateFileName="")) returned 1 [0027.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0027.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ed638 [0027.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0027.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ed7a8 [0027.109] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.111] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0027.111] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x180f, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="128.png", cAlternateFileName="")) returned 1 [0027.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0027.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0027.111] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0027.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.112] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x180f, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x180f, lpOverlapped=0x0) returned 1 [0027.114] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.114] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x180f, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x180f, lpOverlapped=0x0) returned 1 [0027.114] CloseHandle (hObject=0x58) returned 1 [0027.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0027.114] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.adv")) returned 1 [0027.114] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.114] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0027.114] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x869b0fb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0027.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0027.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0027.114] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0027.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.115] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x310, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x310, lpOverlapped=0x0) returned 1 [0027.116] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.116] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x310, lpOverlapped=0x0) returned 1 [0027.117] CloseHandle (hObject=0x58) returned 1 [0027.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efb48 [0027.117] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.adv")) returned 1 [0027.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0027.117] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="_locales", cAlternateFileName="")) returned 1 [0027.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0027.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0027.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0027.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0027.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.117] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.119] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="..", cAlternateFileName="")) returned 1 [0027.119] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ar", cAlternateFileName="")) returned 1 [0027.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.119] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.119] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.120] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.120] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.120] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.120] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.121] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x138, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x138, lpOverlapped=0x0) returned 1 [0027.122] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.122] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x138, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x138, lpOverlapped=0x0) returned 1 [0027.122] CloseHandle (hObject=0x60) returned 1 [0027.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.122] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.adv")) returned 1 [0027.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.123] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.123] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.123] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="bg", cAlternateFileName="")) returned 1 [0027.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.123] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.123] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.123] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.124] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x124, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x124, lpOverlapped=0x0) returned 1 [0027.125] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.125] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x124, lpOverlapped=0x0) returned 1 [0027.125] CloseHandle (hObject=0x60) returned 1 [0027.125] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.125] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.adv")) returned 1 [0027.125] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.125] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.125] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.125] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.125] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.125] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.125] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ca", cAlternateFileName="")) returned 1 [0027.125] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.125] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.126] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.126] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.126] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.137] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.137] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.139] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0027.139] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.140] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfe, lpOverlapped=0x0) returned 1 [0027.140] CloseHandle (hObject=0x60) returned 1 [0027.140] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.140] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.adv")) returned 1 [0027.140] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.140] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.140] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.140] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.140] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.140] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.140] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="cs", cAlternateFileName="")) returned 1 [0027.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.141] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.141] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.142] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.142] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.142] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.142] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.142] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf9, lpOverlapped=0x0) returned 1 [0027.144] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.144] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf9, lpOverlapped=0x0) returned 1 [0027.144] CloseHandle (hObject=0x60) returned 1 [0027.144] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.144] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.adv")) returned 1 [0027.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.144] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.144] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.145] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="da", cAlternateFileName="")) returned 1 [0027.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.146] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.146] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.146] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.147] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xec, lpOverlapped=0x0) returned 1 [0027.147] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.147] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xec, lpOverlapped=0x0) returned 1 [0027.148] CloseHandle (hObject=0x60) returned 1 [0027.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.148] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.adv")) returned 1 [0027.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.148] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.148] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.148] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="de", cAlternateFileName="")) returned 1 [0027.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.149] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.149] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.149] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xef, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.149] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.150] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xef, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xef, lpOverlapped=0x0) returned 1 [0027.151] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.151] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xef, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xef, lpOverlapped=0x0) returned 1 [0027.151] CloseHandle (hObject=0x60) returned 1 [0027.151] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.151] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.adv")) returned 1 [0027.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.152] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xef, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.152] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.152] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="el", cAlternateFileName="")) returned 1 [0027.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.152] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.153] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.153] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.153] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.153] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.154] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14c, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x14c, lpOverlapped=0x0) returned 1 [0027.155] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.155] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14c, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x14c, lpOverlapped=0x0) returned 1 [0027.155] CloseHandle (hObject=0x60) returned 1 [0027.155] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.155] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.adv")) returned 1 [0027.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.155] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.155] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.156] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="en", cAlternateFileName="")) returned 1 [0027.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.156] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.156] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.156] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.156] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0027.157] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.157] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd7, lpOverlapped=0x0) returned 1 [0027.157] CloseHandle (hObject=0x60) returned 1 [0027.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.158] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.adv")) returned 1 [0027.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.158] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.158] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.158] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="es", cAlternateFileName="")) returned 1 [0027.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.158] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.159] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.159] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10d, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.160] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10d, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x10d, lpOverlapped=0x0) returned 1 [0027.161] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.161] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10d, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x10d, lpOverlapped=0x0) returned 1 [0027.161] CloseHandle (hObject=0x60) returned 1 [0027.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.161] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.adv")) returned 1 [0027.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.161] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10d, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.161] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.161] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="fi", cAlternateFileName="")) returned 1 [0027.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.162] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.163] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.163] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.163] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.163] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.163] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.166] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x100, lpOverlapped=0x0) returned 1 [0027.167] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.167] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x100, lpOverlapped=0x0) returned 1 [0027.167] CloseHandle (hObject=0x60) returned 1 [0027.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.167] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.adv")) returned 1 [0027.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.168] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.168] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.168] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="fil", cAlternateFileName="")) returned 1 [0027.168] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.168] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.168] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.168] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.169] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.169] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.170] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xea, lpOverlapped=0x0) returned 1 [0027.171] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.171] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xea, lpOverlapped=0x0) returned 1 [0027.171] CloseHandle (hObject=0x60) returned 1 [0027.171] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.171] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.adv")) returned 1 [0027.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.172] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.172] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.172] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="fr", cAlternateFileName="")) returned 1 [0027.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.172] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.172] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.172] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.173] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10c, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x10c, lpOverlapped=0x0) returned 1 [0027.174] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.174] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10c, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x10c, lpOverlapped=0x0) returned 1 [0027.174] CloseHandle (hObject=0x60) returned 1 [0027.174] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.174] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.adv")) returned 1 [0027.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.174] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.174] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.175] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="hi", cAlternateFileName="")) returned 1 [0027.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.175] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.175] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.175] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.175] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x121, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x121, lpOverlapped=0x0) returned 1 [0027.176] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.176] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x121, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x121, lpOverlapped=0x0) returned 1 [0027.176] CloseHandle (hObject=0x60) returned 1 [0027.177] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.177] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.adv")) returned 1 [0027.177] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.177] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.177] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.177] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.177] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.177] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.177] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="hr", cAlternateFileName="")) returned 1 [0027.177] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.177] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.177] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.177] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.177] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.178] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.178] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.178] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.178] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.178] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.195] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe6, lpOverlapped=0x0) returned 1 [0027.196] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.196] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe6, lpOverlapped=0x0) returned 1 [0027.196] CloseHandle (hObject=0x60) returned 1 [0027.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.196] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.adv")) returned 1 [0027.196] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.196] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.196] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.196] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.197] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="hu", cAlternateFileName="")) returned 1 [0027.197] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.197] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.197] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.197] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.197] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.197] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.197] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.197] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.197] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0027.198] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.198] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe2, lpOverlapped=0x0) returned 1 [0027.198] CloseHandle (hObject=0x60) returned 1 [0027.198] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.198] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.adv")) returned 1 [0027.199] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.199] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.199] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.199] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.199] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.199] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.199] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="id", cAlternateFileName="")) returned 1 [0027.199] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.199] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.200] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.200] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.200] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.200] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.200] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.200] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.200] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf2, lpOverlapped=0x0) returned 1 [0027.201] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.201] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf2, lpOverlapped=0x0) returned 1 [0027.201] CloseHandle (hObject=0x60) returned 1 [0027.201] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.201] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.adv")) returned 1 [0027.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.202] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.202] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.202] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="it", cAlternateFileName="")) returned 1 [0027.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.202] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.202] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.202] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.204] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x100, lpOverlapped=0x0) returned 1 [0027.204] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.204] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x100, lpOverlapped=0x0) returned 1 [0027.205] CloseHandle (hObject=0x60) returned 1 [0027.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.205] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.adv")) returned 1 [0027.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.205] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.205] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.205] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ja", cAlternateFileName="")) returned 1 [0027.206] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.206] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.206] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.206] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.206] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.206] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.206] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10f, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.206] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.206] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.206] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.206] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x10f, lpOverlapped=0x0) returned 1 [0027.207] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.207] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x10f, lpOverlapped=0x0) returned 1 [0027.207] CloseHandle (hObject=0x60) returned 1 [0027.207] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.207] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.adv")) returned 1 [0027.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.208] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10f, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.208] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.208] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ko", cAlternateFileName="")) returned 1 [0027.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.208] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.208] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.208] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.209] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x100, lpOverlapped=0x0) returned 1 [0027.210] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.210] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x100, lpOverlapped=0x0) returned 1 [0027.210] CloseHandle (hObject=0x60) returned 1 [0027.210] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.210] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.adv")) returned 1 [0027.210] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.210] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.210] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.210] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.210] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.210] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.210] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="lt", cAlternateFileName="")) returned 1 [0027.210] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.211] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.211] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.211] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.211] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.211] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.211] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.211] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.211] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.211] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.213] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xfd, lpOverlapped=0x0) returned 1 [0027.214] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.214] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xfd, lpOverlapped=0x0) returned 1 [0027.214] CloseHandle (hObject=0x60) returned 1 [0027.214] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.214] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.adv")) returned 1 [0027.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.215] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.215] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.215] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="lv", cAlternateFileName="")) returned 1 [0027.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.215] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.215] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.215] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.216] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xee, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xee, lpOverlapped=0x0) returned 1 [0027.216] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.216] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xee, lpOverlapped=0x0) returned 1 [0027.217] CloseHandle (hObject=0x60) returned 1 [0027.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.217] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.adv")) returned 1 [0027.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.217] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.217] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.217] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="nl", cAlternateFileName="")) returned 1 [0027.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.217] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.218] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.218] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.218] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.218] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.218] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.218] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe8, lpOverlapped=0x0) returned 1 [0027.219] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.219] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe8, lpOverlapped=0x0) returned 1 [0027.219] CloseHandle (hObject=0x60) returned 1 [0027.219] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.219] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.adv")) returned 1 [0027.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.220] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.220] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.220] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="no", cAlternateFileName="")) returned 1 [0027.220] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.220] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.220] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.220] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.220] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.220] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.220] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.221] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0027.221] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.221] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0027.221] CloseHandle (hObject=0x60) returned 1 [0027.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.222] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.adv")) returned 1 [0027.222] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.222] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.222] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.222] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.222] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.222] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.222] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="pl", cAlternateFileName="")) returned 1 [0027.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.222] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.222] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.223] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.223] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.223] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.223] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.223] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.223] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0027.224] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.224] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x108, lpOverlapped=0x0) returned 1 [0027.224] CloseHandle (hObject=0x60) returned 1 [0027.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.224] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.adv")) returned 1 [0027.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.225] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.225] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.225] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0027.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.225] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.226] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.226] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.226] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0027.227] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.227] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0027.227] CloseHandle (hObject=0x60) returned 1 [0027.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.227] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json.adv")) returned 1 [0027.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.228] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.228] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.228] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0027.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.228] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.230] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.231] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.231] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.231] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.231] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.231] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xdf, lpOverlapped=0x0) returned 1 [0027.232] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.232] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xdf, lpOverlapped=0x0) returned 1 [0027.232] CloseHandle (hObject=0x60) returned 1 [0027.232] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.232] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json.adv")) returned 1 [0027.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.233] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.233] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.233] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ro", cAlternateFileName="")) returned 1 [0027.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.233] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.233] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.233] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.233] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x109, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x109, lpOverlapped=0x0) returned 1 [0027.234] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.234] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x109, lpOverlapped=0x0) returned 1 [0027.234] CloseHandle (hObject=0x60) returned 1 [0027.234] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.235] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.adv")) returned 1 [0027.235] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.235] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.235] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.235] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.235] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.235] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.235] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="ru", cAlternateFileName="")) returned 1 [0027.235] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.235] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.235] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.235] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.235] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.235] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.235] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.236] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.236] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.236] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.236] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11e, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x11e, lpOverlapped=0x0) returned 1 [0027.237] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.237] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11e, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x11e, lpOverlapped=0x0) returned 1 [0027.237] CloseHandle (hObject=0x60) returned 1 [0027.237] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.237] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.adv")) returned 1 [0027.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.238] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.238] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.238] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="se", cAlternateFileName="")) returned 1 [0027.238] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.238] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.238] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.238] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.238] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.238] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.238] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.238] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.239] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0027.239] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.239] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xd2, lpOverlapped=0x0) returned 1 [0027.240] CloseHandle (hObject=0x60) returned 1 [0027.240] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.240] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.adv")) returned 1 [0027.240] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.241] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.241] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.241] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.241] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.241] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.241] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sk", cAlternateFileName="")) returned 1 [0027.241] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.241] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.241] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.241] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.241] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0027.242] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.242] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xde, lpOverlapped=0x0) returned 1 [0027.242] CloseHandle (hObject=0x60) returned 1 [0027.242] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.242] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.adv")) returned 1 [0027.243] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.243] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.243] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.243] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.243] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sl", cAlternateFileName="")) returned 1 [0027.243] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.243] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.243] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.243] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.243] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.244] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.244] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.244] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.244] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.244] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xea, lpOverlapped=0x0) returned 1 [0027.245] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.245] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xea, lpOverlapped=0x0) returned 1 [0027.245] CloseHandle (hObject=0x60) returned 1 [0027.245] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.245] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.adv")) returned 1 [0027.245] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.245] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.246] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.246] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.246] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.246] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.246] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="sr", cAlternateFileName="")) returned 1 [0027.246] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.246] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.246] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.246] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.246] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.246] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.246] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x127, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.246] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.246] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.246] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.246] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x127, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x127, lpOverlapped=0x0) returned 1 [0027.247] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.247] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x127, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x127, lpOverlapped=0x0) returned 1 [0027.247] CloseHandle (hObject=0x60) returned 1 [0027.248] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.248] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.adv")) returned 1 [0027.248] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.248] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.248] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x127, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.248] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.248] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.248] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.248] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="th", cAlternateFileName="")) returned 1 [0027.248] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.248] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.248] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.248] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.248] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.249] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.249] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.249] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.249] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.249] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.249] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x144, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x144, lpOverlapped=0x0) returned 1 [0027.250] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.250] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x144, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x144, lpOverlapped=0x0) returned 1 [0027.250] CloseHandle (hObject=0x60) returned 1 [0027.250] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.250] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.adv")) returned 1 [0027.251] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.251] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.251] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.251] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.251] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.251] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.251] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="tr", cAlternateFileName="")) returned 1 [0027.251] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.251] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.251] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.251] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.251] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.251] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.251] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.251] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.251] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.251] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.252] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xea, lpOverlapped=0x0) returned 1 [0027.252] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.253] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xea, lpOverlapped=0x0) returned 1 [0027.253] CloseHandle (hObject=0x60) returned 1 [0027.253] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.253] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.adv")) returned 1 [0027.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.253] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.253] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.253] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="uk", cAlternateFileName="")) returned 1 [0027.253] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.253] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.253] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.253] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.254] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.254] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.254] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.254] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.254] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.254] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x130, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x130, lpOverlapped=0x0) returned 1 [0027.255] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.255] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x130, lpOverlapped=0x0) returned 1 [0027.255] CloseHandle (hObject=0x60) returned 1 [0027.255] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.255] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.adv")) returned 1 [0027.256] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.256] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.256] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.256] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.256] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.256] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.256] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="vi", cAlternateFileName="")) returned 1 [0027.256] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.256] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.256] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.256] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.256] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.257] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.257] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.257] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.257] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.257] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.257] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xe8, lpOverlapped=0x0) returned 1 [0027.258] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.258] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xe8, lpOverlapped=0x0) returned 1 [0027.258] CloseHandle (hObject=0x60) returned 1 [0027.258] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.258] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.adv")) returned 1 [0027.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.259] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.259] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.259] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0027.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.259] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.259] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.259] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.260] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x102, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x102, lpOverlapped=0x0) returned 1 [0027.261] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.261] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x102, lpOverlapped=0x0) returned 1 [0027.261] CloseHandle (hObject=0x60) returned 1 [0027.261] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.261] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json.adv")) returned 1 [0027.261] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.261] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.261] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.261] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.261] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.261] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.261] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0027.261] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.261] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.261] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.261] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0fa8 [0027.261] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.262] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="..", cAlternateFileName="")) returned 1 [0027.262] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.262] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f20d8 [0027.262] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f2200 [0027.262] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20d8 | out: hHeap=0x6d0000) returned 1 [0027.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.262] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf9, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0xf9, lpOverlapped=0x0) returned 1 [0027.263] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.263] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf9, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0xf9, lpOverlapped=0x0) returned 1 [0027.263] CloseHandle (hObject=0x60) returned 1 [0027.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f23b8 [0027.263] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json.adv")) returned 1 [0027.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f23b8 | out: hHeap=0x6d0000) returned 1 [0027.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2200 | out: hHeap=0x6d0000) returned 1 [0027.264] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x1d2dd9e, dwReserved1=0x86a22430, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.264] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.264] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0027.264] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0027.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0027.264] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0027.264] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef8b8 [0027.264] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ef9c0 [0027.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8b8 | out: hHeap=0x6d0000) returned 1 [0027.264] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.264] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efc60 [0027.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.264] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.264] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="..", cAlternateFileName="")) returned 1 [0027.264] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ae0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86adfb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xdd12c400, ftLastWriteTime.dwHighDateTime=0x1d0683e, nFileSizeHigh=0x0, nFileSizeLow=0x2686, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0027.264] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6efb48 [0027.264] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f0e08 [0027.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6d0000) returned 1 [0027.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.265] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2686, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x2686, lpOverlapped=0x0) returned 1 [0027.267] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.267] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2686, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x2686, lpOverlapped=0x0) returned 1 [0027.267] CloseHandle (hObject=0x5c) returned 1 [0027.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f0fa8 [0027.269] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.adv")) returned 1 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e08 | out: hHeap=0x6d0000) returned 1 [0027.270] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ae0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86adfb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xdd12c400, ftLastWriteTime.dwHighDateTime=0x1d0683e, nFileSizeHigh=0x0, nFileSizeLow=0x2686, dwReserved0=0x0, dwReserved1=0x7bd, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0027.270] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc60 | out: hHeap=0x6d0000) returned 1 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef9c0 | out: hHeap=0x6d0000) returned 1 [0027.270] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0027.270] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6d0000) returned 1 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0027.270] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="8.1_0", cAlternateFileName="")) returned 0 [0027.270] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4c0 | out: hHeap=0x6d0000) returned 1 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0027.270] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 1 [0027.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0027.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ec2b8 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0027.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ec4c0 [0027.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0027.270] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.271] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="..", cAlternateFileName="")) returned 1 [0027.271] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="5817.313.0.5_0", cAlternateFileName="581731~1.5_0")) returned 1 [0027.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ec3c8 [0027.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6ed638 [0027.271] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0027.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ee9c8 [0027.271] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.271] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.273] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="..", cAlternateFileName="")) returned 1 [0027.274] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83637bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8363f0f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x8c0bf, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="angular.js", cAlternateFileName="")) returned 1 [0027.274] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.274] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.274] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.275] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8c0bf, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x8c0bf, lpOverlapped=0x0) returned 1 [0027.283] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.283] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8c0bf, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x8c0bf, lpOverlapped=0x0) returned 1 [0027.285] CloseHandle (hObject=0x58) returned 1 [0027.285] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efd10 [0027.285] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.adv")) returned 1 [0027.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.285] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83641800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83643f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xa89c, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="background_script.js", cAlternateFileName="BACKGR~1.JS")) returned 1 [0027.286] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.286] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.286] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.286] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa89c, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xa89c, lpOverlapped=0x0) returned 1 [0027.288] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.288] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa89c, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xa89c, lpOverlapped=0x0) returned 1 [0027.289] CloseHandle (hObject=0x58) returned 1 [0027.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.289] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.adv")) returned 1 [0027.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.289] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83646620, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83648d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x181aa, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="cast_game_sender.js", cAlternateFileName="CAST_G~1.JS")) returned 1 [0027.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.290] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x181aa, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x181aa, lpOverlapped=0x0) returned 1 [0027.292] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.292] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x181aa, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x181aa, lpOverlapped=0x0) returned 1 [0027.292] CloseHandle (hObject=0x58) returned 1 [0027.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.292] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.adv")) returned 1 [0027.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.293] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8364db50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8364db50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x111e1, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="cast_route_details.html", cAlternateFileName="CAST_R~1.HTM")) returned 1 [0027.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.293] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x111e1, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x111e1, lpOverlapped=0x0) returned 1 [0027.297] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.297] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x111e1, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x111e1, lpOverlapped=0x0) returned 1 [0027.298] CloseHandle (hObject=0x58) returned 1 [0027.298] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6efd10 [0027.298] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.adv")) returned 1 [0027.298] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.298] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.298] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83652970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83657790, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3a258, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="cast_route_details.js", cAlternateFileName="CAST_R~1.JS")) returned 1 [0027.298] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.298] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.298] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.299] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3a258, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x3a258, lpOverlapped=0x0) returned 1 [0027.302] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.302] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3a258, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x3a258, lpOverlapped=0x0) returned 1 [0027.303] CloseHandle (hObject=0x58) returned 1 [0027.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6efd10 [0027.303] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.adv")) returned 1 [0027.304] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.304] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.304] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8365ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836613d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xce17, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="cast_sender.js", cAlternateFileName="CAST_S~1.JS")) returned 1 [0027.304] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.304] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.304] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.305] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce17, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xce17, lpOverlapped=0x0) returned 1 [0027.306] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.306] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce17, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xce17, lpOverlapped=0x0) returned 1 [0027.307] CloseHandle (hObject=0x58) returned 1 [0027.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.307] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.adv")) returned 1 [0027.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.307] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="cast_setup", cAlternateFileName="CAST_S~1")) returned 1 [0027.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efd10 [0027.307] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77d, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.309] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77d, cFileName="..", cAlternateFileName="")) returned 1 [0027.309] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836661f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836661f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1a1d, dwReserved0=0x0, dwReserved1=0x77d, cFileName="cast_app.css", cAlternateFileName="")) returned 1 [0027.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.310] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a1d, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x1a1d, lpOverlapped=0x0) returned 1 [0027.311] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.311] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a1d, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x1a1d, lpOverlapped=0x0) returned 1 [0027.312] CloseHandle (hObject=0x5c) returned 1 [0027.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f1158 [0027.312] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.adv")) returned 1 [0027.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.312] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366b010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366d720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x221da, dwReserved0=0x0, dwReserved1=0x77d, cFileName="cast_app.js", cAlternateFileName="")) returned 1 [0027.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.313] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x221da, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x221da, lpOverlapped=0x0) returned 1 [0027.315] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.315] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x221da, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x221da, lpOverlapped=0x0) returned 1 [0027.316] CloseHandle (hObject=0x5c) returned 1 [0027.316] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f1158 [0027.316] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.adv")) returned 1 [0027.316] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.316] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.316] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366fe30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366fe30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x77d, cFileName="cast_app_redirect.js", cAlternateFileName="CAST_A~1.JS")) returned 1 [0027.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.318] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf2, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0xf2, lpOverlapped=0x0) returned 1 [0027.319] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.319] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0xf2, lpOverlapped=0x0) returned 1 [0027.319] CloseHandle (hObject=0x5c) returned 1 [0027.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f1158 [0027.319] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.adv")) returned 1 [0027.319] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.319] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.319] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83674c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83674c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1bef, dwReserved0=0x0, dwReserved1=0x77d, cFileName="chromecast_logo_grey.png", cAlternateFileName="CHROME~1.PNG")) returned 1 [0027.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.319] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.320] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1bef, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x1bef, lpOverlapped=0x0) returned 1 [0027.321] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.321] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1bef, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x1bef, lpOverlapped=0x0) returned 1 [0027.321] CloseHandle (hObject=0x5c) returned 1 [0027.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f1158 [0027.322] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.adv")) returned 1 [0027.322] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.322] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.322] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83679a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83679a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x77d, cFileName="devices.html", cAlternateFileName="DEVICE~1.HTM")) returned 1 [0027.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.322] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.322] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3b, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x3b, lpOverlapped=0x0) returned 1 [0027.323] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.323] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x3b, lpOverlapped=0x0) returned 1 [0027.323] CloseHandle (hObject=0x5c) returned 1 [0027.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f1158 [0027.324] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.adv")) returned 1 [0027.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.324] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8367c180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8367c180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x828, dwReserved0=0x0, dwReserved1=0x77d, cFileName="index.html", cAlternateFileName="INDEX~1.HTM")) returned 1 [0027.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.325] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x828, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x828, lpOverlapped=0x0) returned 1 [0027.326] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.326] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x828, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x828, lpOverlapped=0x0) returned 1 [0027.326] CloseHandle (hObject=0x5c) returned 1 [0027.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f1158 [0027.326] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.adv")) returned 1 [0027.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.327] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83685dc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83685dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x77d, cFileName="offers.html", cAlternateFileName="OFFERS~1.HTM")) returned 1 [0027.327] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.327] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.328] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3b, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x3b, lpOverlapped=0x0) returned 1 [0027.329] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.329] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x3b, lpOverlapped=0x0) returned 1 [0027.329] CloseHandle (hObject=0x5c) returned 1 [0027.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f1158 [0027.329] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.adv")) returned 1 [0027.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.329] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836884d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368abe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x77d, cFileName="setup.html", cAlternateFileName="SETUP~1.HTM")) returned 1 [0027.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.330] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.330] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3b, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x3b, lpOverlapped=0x0) returned 1 [0027.331] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.331] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x3b, lpOverlapped=0x0) returned 1 [0027.331] CloseHandle (hObject=0x5c) returned 1 [0027.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f1158 [0027.331] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.adv")) returned 1 [0027.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.331] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836884d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368abe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x77d, cFileName="setup.html", cAlternateFileName="SETUP~1.HTM")) returned 0 [0027.331] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.332] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="cloud_route_details", cAlternateFileName="CLOUD_~1")) returned 1 [0027.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.332] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77d, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.332] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77d, cFileName="..", cAlternateFileName="")) returned 1 [0027.332] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8368fa00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368fa00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x174c, dwReserved0=0x0, dwReserved1=0x77d, cFileName="view.html", cAlternateFileName="VIEW~1.HTM")) returned 1 [0027.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f0e60 [0027.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1de) returned 0x6f0fa8 [0027.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e60 | out: hHeap=0x6d0000) returned 1 [0027.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.332] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x174c, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x174c, lpOverlapped=0x0) returned 1 [0027.334] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.334] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x174c, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x174c, lpOverlapped=0x0) returned 1 [0027.334] CloseHandle (hObject=0x5c) returned 1 [0027.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f1190 [0027.334] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.adv")) returned 1 [0027.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1190 | out: hHeap=0x6d0000) returned 1 [0027.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.335] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83694820, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x945, dwReserved0=0x0, dwReserved1=0x77d, cFileName="view.js", cAlternateFileName="")) returned 1 [0027.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f0e60 [0027.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1de) returned 0x6f0fa8 [0027.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e60 | out: hHeap=0x6d0000) returned 1 [0027.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.336] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x945, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x945, lpOverlapped=0x0) returned 1 [0027.337] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.337] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x945, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x945, lpOverlapped=0x0) returned 1 [0027.338] CloseHandle (hObject=0x5c) returned 1 [0027.338] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f1190 [0027.338] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.adv")) returned 1 [0027.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1190 | out: hHeap=0x6d0000) returned 1 [0027.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0fa8 | out: hHeap=0x6d0000) returned 1 [0027.338] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83694820, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x945, dwReserved0=0x0, dwReserved1=0x77d, cFileName="view.js", cAlternateFileName="")) returned 0 [0027.338] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.338] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83696f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83699640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc878, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="common.js", cAlternateFileName="")) returned 1 [0027.338] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.338] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.339] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc878, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xc878, lpOverlapped=0x0) returned 1 [0027.341] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.341] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc878, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xc878, lpOverlapped=0x0) returned 1 [0027.341] CloseHandle (hObject=0x58) returned 1 [0027.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efd10 [0027.341] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.adv")) returned 1 [0027.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.342] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8369bd50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8369bd50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc26, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="feedback.css", cAlternateFileName="")) returned 1 [0027.342] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.342] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.342] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc26, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xc26, lpOverlapped=0x0) returned 1 [0027.344] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.344] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc26, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xc26, lpOverlapped=0x0) returned 1 [0027.344] CloseHandle (hObject=0x58) returned 1 [0027.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efd10 [0027.344] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.adv")) returned 1 [0027.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.344] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a0b70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a0b70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x38a8, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="feedback.html", cAlternateFileName="FEEDBA~1.HTM")) returned 1 [0027.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.345] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x38a8, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x38a8, lpOverlapped=0x0) returned 1 [0027.346] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.346] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x38a8, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x38a8, lpOverlapped=0x0) returned 1 [0027.347] CloseHandle (hObject=0x58) returned 1 [0027.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.347] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.adv")) returned 1 [0027.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.347] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a5990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a5990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2b20, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="feedback_script.js", cAlternateFileName="FEEDBA~1.JS")) returned 1 [0027.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.348] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b20, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x2b20, lpOverlapped=0x0) returned 1 [0027.350] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.350] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b20, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x2b20, lpOverlapped=0x0) returned 1 [0027.350] CloseHandle (hObject=0x58) returned 1 [0027.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.350] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.adv")) returned 1 [0027.351] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.351] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.351] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836af5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8395fd70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0027.351] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.351] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.351] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.351] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8f8, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x8f8, lpOverlapped=0x0) returned 1 [0027.353] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.353] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8f8, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x8f8, lpOverlapped=0x0) returned 1 [0027.353] CloseHandle (hObject=0x58) returned 1 [0027.353] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.353] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.adv")) returned 1 [0027.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.353] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b1ce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b43f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x46039, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="material_css_min.css", cAlternateFileName="MATERI~1.CSS")) returned 1 [0027.353] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.354] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.354] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.354] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x46039, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x46039, lpOverlapped=0x0) returned 1 [0027.358] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.358] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x46039, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x46039, lpOverlapped=0x0) returned 1 [0027.359] CloseHandle (hObject=0x58) returned 1 [0027.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.359] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.adv")) returned 1 [0027.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.360] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b6b00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b9210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x7c33, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="mirroring_cast_streaming.js", cAlternateFileName="MIRROR~1.JS")) returned 1 [0027.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.360] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7c33, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x7c33, lpOverlapped=0x0) returned 1 [0027.363] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.363] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7c33, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x7c33, lpOverlapped=0x0) returned 1 [0027.363] CloseHandle (hObject=0x58) returned 1 [0027.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6efd10 [0027.363] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.adv")) returned 1 [0027.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.363] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836c2e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836c5560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2adeb, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="mirroring_common.js", cAlternateFileName="MIRROR~2.JS")) returned 1 [0027.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.364] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2adeb, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x2adeb, lpOverlapped=0x0) returned 1 [0027.366] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.366] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2adeb, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x2adeb, lpOverlapped=0x0) returned 1 [0027.367] CloseHandle (hObject=0x58) returned 1 [0027.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.367] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.adv")) returned 1 [0027.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.367] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836ca380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836cf1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x794cf, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="mirroring_hangouts.js", cAlternateFileName="MIRROR~3.JS")) returned 1 [0027.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.368] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x794cf, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x794cf, lpOverlapped=0x0) returned 1 [0027.376] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.376] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x794cf, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x794cf, lpOverlapped=0x0) returned 1 [0027.377] CloseHandle (hObject=0x58) returned 1 [0027.377] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6efd10 [0027.377] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.adv")) returned 1 [0027.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.378] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836d3fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836d66d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x941, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="mirroring_webrtc.js", cAlternateFileName="MIRROR~4.JS")) returned 1 [0027.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0027.378] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x941, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x941, lpOverlapped=0x0) returned 1 [0027.380] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.380] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x941, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x941, lpOverlapped=0x0) returned 1 [0027.380] CloseHandle (hObject=0x58) returned 1 [0027.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6efd10 [0027.380] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.adv")) returned 1 [0027.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.381] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="_locales", cAlternateFileName="")) returned 1 [0027.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6efe38 [0027.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.381] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.382] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="..", cAlternateFileName="")) returned 1 [0027.383] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="am", cAlternateFileName="")) returned 1 [0027.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.383] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.384] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.384] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833eb5b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397d230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4827, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.385] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4827, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x4827, lpOverlapped=0x0) returned 1 [0027.386] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.387] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4827, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x4827, lpOverlapped=0x0) returned 1 [0027.387] CloseHandle (hObject=0x60) returned 1 [0027.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.387] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.adv")) returned 1 [0027.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.387] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833eb5b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397d230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4827, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.387] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.388] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="ar", cAlternateFileName="")) returned 1 [0027.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.388] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.388] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.388] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833fee30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x45bf, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.388] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x45bf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x45bf, lpOverlapped=0x0) returned 1 [0027.390] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.390] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x45bf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x45bf, lpOverlapped=0x0) returned 1 [0027.390] CloseHandle (hObject=0x60) returned 1 [0027.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.390] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.adv")) returned 1 [0027.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.391] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833fee30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x45bf, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.391] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.391] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="bg", cAlternateFileName="")) returned 1 [0027.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.391] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.391] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.391] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83406360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83408a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b63, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.392] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4b63, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x4b63, lpOverlapped=0x0) returned 1 [0027.394] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.394] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4b63, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x4b63, lpOverlapped=0x0) returned 1 [0027.394] CloseHandle (hObject=0x60) returned 1 [0027.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.394] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.adv")) returned 1 [0027.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.395] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83406360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83408a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b63, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.395] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.395] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="bn", cAlternateFileName="")) returned 1 [0027.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.395] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.395] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.395] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52cb, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.396] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x52cb, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x52cb, lpOverlapped=0x0) returned 1 [0027.398] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.398] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x52cb, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x52cb, lpOverlapped=0x0) returned 1 [0027.398] CloseHandle (hObject=0x60) returned 1 [0027.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.398] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.adv")) returned 1 [0027.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.399] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52cb, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.399] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.399] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="ca", cAlternateFileName="")) returned 1 [0027.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.399] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.399] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.399] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834126b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83414dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x405d, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.400] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x405d, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x405d, lpOverlapped=0x0) returned 1 [0027.402] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.402] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x405d, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x405d, lpOverlapped=0x0) returned 1 [0027.402] CloseHandle (hObject=0x60) returned 1 [0027.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.402] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.adv")) returned 1 [0027.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.403] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834126b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83414dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x405d, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.403] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.403] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="cs", cAlternateFileName="")) returned 1 [0027.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.403] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.403] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.403] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8341c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83421110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4029, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.404] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.404] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4029, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x4029, lpOverlapped=0x0) returned 1 [0027.405] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.405] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4029, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x4029, lpOverlapped=0x0) returned 1 [0027.406] CloseHandle (hObject=0x60) returned 1 [0027.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.406] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.adv")) returned 1 [0027.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.406] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8341c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83421110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4029, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.406] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.406] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="da", cAlternateFileName="")) returned 1 [0027.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.407] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.407] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.407] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83428640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f79, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.408] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3f79, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3f79, lpOverlapped=0x0) returned 1 [0027.409] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.410] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3f79, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3f79, lpOverlapped=0x0) returned 1 [0027.410] CloseHandle (hObject=0x60) returned 1 [0027.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.410] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.adv")) returned 1 [0027.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.410] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83428640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f79, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.410] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.410] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="de", cAlternateFileName="")) returned 1 [0027.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.411] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.411] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.411] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.411] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.411] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8342fb70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83432280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x406f, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.411] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.411] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.411] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.411] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x406f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x406f, lpOverlapped=0x0) returned 1 [0027.413] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.413] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x406f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x406f, lpOverlapped=0x0) returned 1 [0027.413] CloseHandle (hObject=0x60) returned 1 [0027.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.413] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.adv")) returned 1 [0027.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.414] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8342fb70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83432280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x406f, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.414] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.414] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="el", cAlternateFileName="")) returned 1 [0027.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.414] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.414] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.414] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834370a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834397b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4afe, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.415] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.415] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4afe, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x4afe, lpOverlapped=0x0) returned 1 [0027.417] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.417] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4afe, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x4afe, lpOverlapped=0x0) returned 1 [0027.418] CloseHandle (hObject=0x60) returned 1 [0027.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.418] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.adv")) returned 1 [0027.418] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.418] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.418] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834370a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834397b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4afe, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.418] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.418] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.418] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.418] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="en", cAlternateFileName="")) returned 1 [0027.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.418] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.419] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.419] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.419] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8343e5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d7a, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.419] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d7a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3d7a, lpOverlapped=0x0) returned 1 [0027.421] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.421] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d7a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3d7a, lpOverlapped=0x0) returned 1 [0027.421] CloseHandle (hObject=0x60) returned 1 [0027.421] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.421] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.adv")) returned 1 [0027.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.422] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8343e5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d7a, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.422] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.422] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="es", cAlternateFileName="")) returned 1 [0027.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.422] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.422] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.422] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8344d030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.423] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x404b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x404b, lpOverlapped=0x0) returned 1 [0027.427] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.427] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x404b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x404b, lpOverlapped=0x0) returned 1 [0027.427] CloseHandle (hObject=0x60) returned 1 [0027.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.428] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.adv")) returned 1 [0027.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.428] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8344d030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.428] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.428] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="et", cAlternateFileName="")) returned 1 [0027.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.428] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.429] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.429] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83454560, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e85, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.429] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e85, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3e85, lpOverlapped=0x0) returned 1 [0027.431] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.431] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e85, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3e85, lpOverlapped=0x0) returned 1 [0027.431] CloseHandle (hObject=0x60) returned 1 [0027.431] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.431] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.adv")) returned 1 [0027.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.432] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83454560, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e85, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.432] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.432] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="fa", cAlternateFileName="")) returned 1 [0027.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.432] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.432] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.432] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8345ba90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46f5, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.433] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x46f5, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x46f5, lpOverlapped=0x0) returned 1 [0027.435] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.435] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x46f5, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x46f5, lpOverlapped=0x0) returned 1 [0027.435] CloseHandle (hObject=0x60) returned 1 [0027.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.435] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.adv")) returned 1 [0027.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.436] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8345ba90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46f5, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.436] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.436] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="fi", cAlternateFileName="")) returned 1 [0027.436] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.436] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.436] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.436] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.436] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.436] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83462fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f4c, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.436] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.436] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.437] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3f4c, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3f4c, lpOverlapped=0x0) returned 1 [0027.438] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.438] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3f4c, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3f4c, lpOverlapped=0x0) returned 1 [0027.438] CloseHandle (hObject=0x60) returned 1 [0027.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.438] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.adv")) returned 1 [0027.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.439] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83462fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f4c, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.439] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.439] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="fil", cAlternateFileName="")) returned 1 [0027.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.439] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.439] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.440] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8346cc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83471a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4082, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.440] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.440] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.440] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.440] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4082, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x4082, lpOverlapped=0x0) returned 1 [0027.442] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.442] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4082, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x4082, lpOverlapped=0x0) returned 1 [0027.442] CloseHandle (hObject=0x60) returned 1 [0027.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.445] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.adv")) returned 1 [0027.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.445] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8346cc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83471a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4082, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.445] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.445] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="fr", cAlternateFileName="")) returned 1 [0027.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.446] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.446] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.446] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83478f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x419f, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.446] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x419f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x419f, lpOverlapped=0x0) returned 1 [0027.448] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.448] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x419f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x419f, lpOverlapped=0x0) returned 1 [0027.448] CloseHandle (hObject=0x60) returned 1 [0027.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.448] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.adv")) returned 1 [0027.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.449] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83478f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x419f, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.449] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.449] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.449] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.449] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="gu", cAlternateFileName="")) returned 1 [0027.449] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.449] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.449] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.449] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83480480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5079, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.450] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5079, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x5079, lpOverlapped=0x0) returned 1 [0027.451] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.451] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5079, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x5079, lpOverlapped=0x0) returned 1 [0027.452] CloseHandle (hObject=0x60) returned 1 [0027.452] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.452] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.adv")) returned 1 [0027.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.452] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83480480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5079, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.452] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.452] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="hi", cAlternateFileName="")) returned 1 [0027.452] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.452] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.453] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.453] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.453] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.453] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834879b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x50f7, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.453] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.453] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.453] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.453] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x50f7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x50f7, lpOverlapped=0x0) returned 1 [0027.455] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.455] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x50f7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x50f7, lpOverlapped=0x0) returned 1 [0027.455] CloseHandle (hObject=0x60) returned 1 [0027.455] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.455] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.adv")) returned 1 [0027.456] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.456] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.456] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834879b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x50f7, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.456] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.456] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.456] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.456] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="hr", cAlternateFileName="")) returned 1 [0027.456] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.456] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.456] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.456] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.456] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.456] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.456] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8348eee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ff2, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.456] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.456] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.456] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.457] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3ff2, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3ff2, lpOverlapped=0x0) returned 1 [0027.459] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.459] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3ff2, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3ff2, lpOverlapped=0x0) returned 1 [0027.459] CloseHandle (hObject=0x60) returned 1 [0027.459] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.459] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.adv")) returned 1 [0027.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.460] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8348eee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ff2, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.460] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.460] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="hu", cAlternateFileName="")) returned 1 [0027.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.460] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.460] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.460] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83498b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8349d940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40d4, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.461] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40d4, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x40d4, lpOverlapped=0x0) returned 1 [0027.462] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.462] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40d4, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x40d4, lpOverlapped=0x0) returned 1 [0027.462] CloseHandle (hObject=0x60) returned 1 [0027.462] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.462] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.adv")) returned 1 [0027.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.463] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83498b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8349d940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40d4, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.463] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.463] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="id", cAlternateFileName="")) returned 1 [0027.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.463] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.463] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.463] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a4e70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e5d, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.473] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e5d, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3e5d, lpOverlapped=0x0) returned 1 [0027.475] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.475] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e5d, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3e5d, lpOverlapped=0x0) returned 1 [0027.475] CloseHandle (hObject=0x60) returned 1 [0027.475] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.475] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.adv")) returned 1 [0027.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.476] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a4e70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e5d, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.476] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.476] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="it", cAlternateFileName="")) returned 1 [0027.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.476] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.476] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.476] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f0c, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.477] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.477] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3f0c, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3f0c, lpOverlapped=0x0) returned 1 [0027.478] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.478] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3f0c, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3f0c, lpOverlapped=0x0) returned 1 [0027.478] CloseHandle (hObject=0x60) returned 1 [0027.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.479] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.adv")) returned 1 [0027.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.479] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f0c, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.479] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.479] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="iw", cAlternateFileName="")) returned 1 [0027.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.479] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.480] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.480] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834b11c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b38d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.480] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.480] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.480] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.481] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5074, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x5074, lpOverlapped=0x0) returned 1 [0027.483] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.483] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5074, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x5074, lpOverlapped=0x0) returned 1 [0027.483] CloseHandle (hObject=0x60) returned 1 [0027.483] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.483] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.adv")) returned 1 [0027.483] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.483] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.483] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834b11c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b38d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.484] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.484] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="ja", cAlternateFileName="")) returned 1 [0027.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.484] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.484] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.484] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834bae00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bd510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x447a, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.484] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.484] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x447a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x447a, lpOverlapped=0x0) returned 1 [0027.486] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.486] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x447a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x447a, lpOverlapped=0x0) returned 1 [0027.486] CloseHandle (hObject=0x60) returned 1 [0027.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.486] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.adv")) returned 1 [0027.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.487] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834bae00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bd510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x447a, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.487] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.487] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="kn", cAlternateFileName="")) returned 1 [0027.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.487] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.487] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834c7150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c9860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x55a3, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.488] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x55a3, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x55a3, lpOverlapped=0x0) returned 1 [0027.492] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.492] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x55a3, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x55a3, lpOverlapped=0x0) returned 1 [0027.492] CloseHandle (hObject=0x60) returned 1 [0027.492] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.493] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.adv")) returned 1 [0027.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.493] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834c7150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c9860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x55a3, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.493] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.493] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="ko", cAlternateFileName="")) returned 1 [0027.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.493] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.493] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ce680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d0d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x403a, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.494] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x403a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x403a, lpOverlapped=0x0) returned 1 [0027.495] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.496] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x403a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x403a, lpOverlapped=0x0) returned 1 [0027.496] CloseHandle (hObject=0x60) returned 1 [0027.496] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.496] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.adv")) returned 1 [0027.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.496] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ce680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d0d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x403a, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.496] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.496] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="lt", cAlternateFileName="")) returned 1 [0027.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.497] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.497] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834d5bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d82c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x416b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.498] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x416b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x416b, lpOverlapped=0x0) returned 1 [0027.500] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.500] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x416b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x416b, lpOverlapped=0x0) returned 1 [0027.500] CloseHandle (hObject=0x60) returned 1 [0027.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.500] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.adv")) returned 1 [0027.500] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.500] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.500] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834d5bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d82c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x416b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.500] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.501] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="lv", cAlternateFileName="")) returned 1 [0027.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.501] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.501] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.501] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834dd0e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834df7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x41bf, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.502] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x41bf, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x41bf, lpOverlapped=0x0) returned 1 [0027.503] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.503] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x41bf, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x41bf, lpOverlapped=0x0) returned 1 [0027.503] CloseHandle (hObject=0x60) returned 1 [0027.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.503] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.adv")) returned 1 [0027.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.504] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834dd0e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834df7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x41bf, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.504] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.504] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="ml", cAlternateFileName="")) returned 1 [0027.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.504] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.504] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.504] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ebb40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x583f, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.505] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x583f, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x583f, lpOverlapped=0x0) returned 1 [0027.507] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.507] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x583f, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x583f, lpOverlapped=0x0) returned 1 [0027.507] CloseHandle (hObject=0x60) returned 1 [0027.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.507] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.adv")) returned 1 [0027.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.508] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ebb40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x583f, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.508] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.508] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="mr", cAlternateFileName="")) returned 1 [0027.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.508] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.508] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.508] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834f3070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5224, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.509] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5224, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x5224, lpOverlapped=0x0) returned 1 [0027.510] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.510] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5224, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x5224, lpOverlapped=0x0) returned 1 [0027.510] CloseHandle (hObject=0x60) returned 1 [0027.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.511] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.adv")) returned 1 [0027.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.511] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834f3070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5224, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.511] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.511] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="ms", cAlternateFileName="")) returned 1 [0027.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.511] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.512] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.512] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ff3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f8b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.513] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3f8b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3f8b, lpOverlapped=0x0) returned 1 [0027.514] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.514] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3f8b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3f8b, lpOverlapped=0x0) returned 1 [0027.514] CloseHandle (hObject=0x60) returned 1 [0027.514] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.514] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.adv")) returned 1 [0027.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.515] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ff3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f8b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.515] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.515] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="nb", cAlternateFileName="")) returned 1 [0027.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.515] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.515] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835068f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ebc, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.516] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3ebc, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3ebc, lpOverlapped=0x0) returned 1 [0027.518] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.518] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3ebc, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3ebc, lpOverlapped=0x0) returned 1 [0027.518] CloseHandle (hObject=0x60) returned 1 [0027.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.518] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.adv")) returned 1 [0027.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.518] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835068f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ebc, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.518] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.519] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="nl", cAlternateFileName="")) returned 1 [0027.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.519] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.519] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.519] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8357bbf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f45, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.520] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3f45, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3f45, lpOverlapped=0x0) returned 1 [0027.521] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.521] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3f45, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3f45, lpOverlapped=0x0) returned 1 [0027.522] CloseHandle (hObject=0x60) returned 1 [0027.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.522] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.adv")) returned 1 [0027.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.522] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8357bbf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f45, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.522] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.522] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="pl", cAlternateFileName="")) returned 1 [0027.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.523] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.523] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.523] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83583120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fd7, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.523] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.523] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fd7, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3fd7, lpOverlapped=0x0) returned 1 [0027.525] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.525] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fd7, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3fd7, lpOverlapped=0x0) returned 1 [0027.525] CloseHandle (hObject=0x60) returned 1 [0027.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.525] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.adv")) returned 1 [0027.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.526] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83583120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fd7, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.526] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.526] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="pt", cAlternateFileName="")) returned 1 [0027.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.526] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.526] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8359b7c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359ded0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.527] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fdc, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3fdc, lpOverlapped=0x0) returned 1 [0027.529] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.529] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fdc, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3fdc, lpOverlapped=0x0) returned 1 [0027.529] CloseHandle (hObject=0x60) returned 1 [0027.529] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.529] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.adv")) returned 1 [0027.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.529] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8359b7c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359ded0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.529] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.530] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0027.530] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.530] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.530] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.530] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.530] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a05e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.530] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.530] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.530] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fdc, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3fdc, lpOverlapped=0x0) returned 1 [0027.532] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.532] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fdc, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3fdc, lpOverlapped=0x0) returned 1 [0027.532] CloseHandle (hObject=0x60) returned 1 [0027.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.532] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json.adv")) returned 1 [0027.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.532] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a05e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.532] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.533] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0027.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.533] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.533] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a5400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.534] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fdc, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3fdc, lpOverlapped=0x0) returned 1 [0027.535] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.535] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fdc, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3fdc, lpOverlapped=0x0) returned 1 [0027.536] CloseHandle (hObject=0x60) returned 1 [0027.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.536] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json.adv")) returned 1 [0027.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.536] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a5400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.536] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.536] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="ro", cAlternateFileName="")) returned 1 [0027.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.537] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.537] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b1750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b3e60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40db, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.537] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.537] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.537] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.537] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40db, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x40db, lpOverlapped=0x0) returned 1 [0027.539] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.539] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40db, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x40db, lpOverlapped=0x0) returned 1 [0027.539] CloseHandle (hObject=0x60) returned 1 [0027.539] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.539] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.adv")) returned 1 [0027.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.540] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b1750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b3e60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40db, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.540] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.540] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="ru", cAlternateFileName="")) returned 1 [0027.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.540] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.540] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b8c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835bb390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x490e, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.540] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.541] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x490e, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x490e, lpOverlapped=0x0) returned 1 [0027.543] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.543] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x490e, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x490e, lpOverlapped=0x0) returned 1 [0027.543] CloseHandle (hObject=0x60) returned 1 [0027.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.543] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.adv")) returned 1 [0027.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.544] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b8c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835bb390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x490e, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.544] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.544] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="sk", cAlternateFileName="")) returned 1 [0027.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.544] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.544] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c28c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40fd, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.545] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40fd, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x40fd, lpOverlapped=0x0) returned 1 [0027.546] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.546] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40fd, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x40fd, lpOverlapped=0x0) returned 1 [0027.546] CloseHandle (hObject=0x60) returned 1 [0027.546] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.546] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.adv")) returned 1 [0027.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.547] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c28c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40fd, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.547] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.547] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="sl", cAlternateFileName="")) returned 1 [0027.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.548] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.548] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c9df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x407a, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.549] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x407a, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x407a, lpOverlapped=0x0) returned 1 [0027.550] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.550] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x407a, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x407a, lpOverlapped=0x0) returned 1 [0027.550] CloseHandle (hObject=0x60) returned 1 [0027.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.551] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.adv")) returned 1 [0027.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.551] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c9df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x407a, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.551] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.551] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="sr", cAlternateFileName="")) returned 1 [0027.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.552] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.552] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835d1320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x49c1, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.552] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x49c1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x49c1, lpOverlapped=0x0) returned 1 [0027.554] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.554] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x49c1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x49c1, lpOverlapped=0x0) returned 1 [0027.554] CloseHandle (hObject=0x60) returned 1 [0027.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.554] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.adv")) returned 1 [0027.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.555] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835d1320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x49c1, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.555] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.555] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="sv", cAlternateFileName="")) returned 1 [0027.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.555] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.555] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.555] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e96, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.557] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e96, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3e96, lpOverlapped=0x0) returned 1 [0027.559] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.559] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e96, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3e96, lpOverlapped=0x0) returned 1 [0027.559] CloseHandle (hObject=0x60) returned 1 [0027.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.559] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.adv")) returned 1 [0027.560] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.560] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.560] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e96, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.560] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.560] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.560] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.560] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="sw", cAlternateFileName="")) returned 1 [0027.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.560] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.560] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.560] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.560] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dfd80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e8b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.560] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.561] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e8b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3e8b, lpOverlapped=0x0) returned 1 [0027.562] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.562] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e8b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3e8b, lpOverlapped=0x0) returned 1 [0027.562] CloseHandle (hObject=0x60) returned 1 [0027.562] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.562] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.adv")) returned 1 [0027.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.563] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dfd80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e8b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.563] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.563] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="ta", cAlternateFileName="")) returned 1 [0027.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.563] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.563] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.563] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835e72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e99c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x563d, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.565] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x563d, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x563d, lpOverlapped=0x0) returned 1 [0027.566] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.566] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x563d, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x563d, lpOverlapped=0x0) returned 1 [0027.566] CloseHandle (hObject=0x60) returned 1 [0027.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.566] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.adv")) returned 1 [0027.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.567] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835e72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e99c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x563d, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.567] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.567] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="te", cAlternateFileName="")) returned 1 [0027.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.567] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.567] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.567] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f0ef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5593, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.568] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5593, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x5593, lpOverlapped=0x0) returned 1 [0027.569] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.569] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5593, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x5593, lpOverlapped=0x0) returned 1 [0027.570] CloseHandle (hObject=0x60) returned 1 [0027.570] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.570] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.adv")) returned 1 [0027.570] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.570] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.570] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f0ef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5593, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.570] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.570] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.570] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.570] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="th", cAlternateFileName="")) returned 1 [0027.570] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.571] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f8420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835fab30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4f64, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.572] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f64, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x4f64, lpOverlapped=0x0) returned 1 [0027.573] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.573] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f64, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x4f64, lpOverlapped=0x0) returned 1 [0027.573] CloseHandle (hObject=0x60) returned 1 [0027.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.574] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.adv")) returned 1 [0027.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.574] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f8420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835fab30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4f64, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.574] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.574] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="tr", cAlternateFileName="")) returned 1 [0027.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.574] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.575] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.575] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ff950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83602060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404e, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.575] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x404e, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x404e, lpOverlapped=0x0) returned 1 [0027.576] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.576] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x404e, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x404e, lpOverlapped=0x0) returned 1 [0027.577] CloseHandle (hObject=0x60) returned 1 [0027.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.577] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.adv")) returned 1 [0027.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.577] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ff950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83602060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404e, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.577] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.577] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="uk", cAlternateFileName="")) returned 1 [0027.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.578] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.578] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.578] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.578] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8360e3b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83610ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f1, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.578] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.579] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x48f1, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x48f1, lpOverlapped=0x0) returned 1 [0027.580] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.580] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x48f1, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x48f1, lpOverlapped=0x0) returned 1 [0027.580] CloseHandle (hObject=0x60) returned 1 [0027.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.581] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.adv")) returned 1 [0027.581] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.581] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.581] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8360e3b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83610ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f1, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.581] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.581] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.581] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.581] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="vi", cAlternateFileName="")) returned 1 [0027.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.581] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.581] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.582] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.582] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83617ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x426b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.582] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x426b, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x426b, lpOverlapped=0x0) returned 1 [0027.584] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.584] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x426b, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x426b, lpOverlapped=0x0) returned 1 [0027.584] CloseHandle (hObject=0x60) returned 1 [0027.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.585] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.adv")) returned 1 [0027.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.585] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83617ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x426b, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.585] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.585] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="zh", cAlternateFileName="")) returned 1 [0027.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.585] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.586] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.586] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8361f520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d11, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.586] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.586] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d11, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3d11, lpOverlapped=0x0) returned 1 [0027.587] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.587] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d11, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3d11, lpOverlapped=0x0) returned 1 [0027.588] CloseHandle (hObject=0x60) returned 1 [0027.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.588] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.adv")) returned 1 [0027.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.588] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8361f520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d11, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.588] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.588] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0027.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6efd10 [0027.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6f0ff8 [0027.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f11b0 [0027.588] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.589] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="..", cAlternateFileName="")) returned 1 [0027.589] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8362b870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d72, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0027.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f22f0 [0027.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f2428 [0027.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f22f0 | out: hHeap=0x6d0000) returned 1 [0027.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60 [0027.589] ReadFile (in: hFile=0x60, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d72, lpNumberOfBytesRead=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d394*=0x3d72, lpOverlapped=0x0) returned 1 [0027.590] SetFilePointer (in: hFile=0x60, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.590] WriteFile (in: hFile=0x60, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d72, lpNumberOfBytesWritten=0x31d394, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d394*=0x3d72, lpOverlapped=0x0) returned 1 [0027.591] CloseHandle (hObject=0x60) returned 1 [0027.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f25f8 [0027.591] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json.adv")) returned 1 [0027.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f25f8 | out: hHeap=0x6d0000) returned 1 [0027.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2428 | out: hHeap=0x6d0000) returned 1 [0027.591] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8362b870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d72, dwReserved0=0x1d2dd9e, dwReserved1=0x83624340, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0027.591] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f11b0 | out: hHeap=0x6d0000) returned 1 [0027.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ff8 | out: hHeap=0x6d0000) returned 1 [0027.591] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0027.591] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe38 | out: hHeap=0x6d0000) returned 1 [0027.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.592] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0027.592] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ee8b0 [0027.592] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6efb70 [0027.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.592] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6efd10 [0027.592] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.592] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x77c, cFileName="..", cAlternateFileName="")) returned 1 [0027.592] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x839fe880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7299, dwReserved0=0x0, dwReserved1=0x77c, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0027.592] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.592] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.592] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7299, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x7299, lpOverlapped=0x0) returned 1 [0027.594] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.594] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7299, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x7299, lpOverlapped=0x0) returned 1 [0027.594] CloseHandle (hObject=0x5c) returned 1 [0027.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f1158 [0027.594] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.adv")) returned 1 [0027.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.595] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836e0310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3e39, dwReserved0=0x0, dwReserved1=0x77c, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0027.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0e50 [0027.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c6) returned 0x6f0f88 [0027.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0e50 | out: hHeap=0x6d0000) returned 1 [0027.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0027.595] ReadFile (in: hFile=0x5c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e39, lpNumberOfBytesRead=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d6a0*=0x3e39, lpOverlapped=0x0) returned 1 [0027.597] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.597] WriteFile (in: hFile=0x5c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e39, lpNumberOfBytesWritten=0x31d6a0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d6a0*=0x3e39, lpOverlapped=0x0) returned 1 [0027.597] CloseHandle (hObject=0x5c) returned 1 [0027.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f1158 [0027.597] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.adv")) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1158 | out: hHeap=0x6d0000) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0f88 | out: hHeap=0x6d0000) returned 1 [0027.598] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836e0310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3e39, dwReserved0=0x0, dwReserved1=0x77c, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0027.598] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd10 | out: hHeap=0x6d0000) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb70 | out: hHeap=0x6d0000) returned 1 [0027.598] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x839a6a40, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0027.598] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9c8 | out: hHeap=0x6d0000) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6d0000) returned 1 [0027.598] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9174a630, cFileName="5817.313.0.5_0", cAlternateFileName="581731~1.5_0")) returned 0 [0027.598] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec4c0 | out: hHeap=0x6d0000) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2b8 | out: hHeap=0x6d0000) returned 1 [0027.598] FindNextFileW (in: hFindFile=0x6e9d20, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x922, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 0 [0027.598] FindClose (in: hFindFile=0x6e9d20 | out: hFindFile=0x6e9d20) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb1a0 | out: hHeap=0x6d0000) returned 1 [0027.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.598] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80db2b00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Favicons", cAlternateFileName="")) returned 1 [0027.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.599] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.599] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x5000, lpOverlapped=0x0) returned 1 [0027.601] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.601] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x5000, lpOverlapped=0x0) returned 1 [0027.601] CloseHandle (hObject=0x4c) returned 1 [0027.601] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.601] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons.adv")) returned 1 [0027.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.602] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80e97340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Favicons-journal", cAlternateFileName="FAVICO~1")) returned 1 [0027.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.602] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.602] CloseHandle (hObject=0x4c) returned 1 [0027.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.602] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal.adv")) returned 1 [0027.605] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.605] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.605] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81c58330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b2e9, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Google Profile.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0027.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.605] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.605] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b2e9, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x2b2e9, lpOverlapped=0x0) returned 1 [0027.608] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.608] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b2e9, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x2b2e9, lpOverlapped=0x0) returned 1 [0027.609] CloseHandle (hObject=0x4c) returned 1 [0027.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.609] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico.adv")) returned 1 [0027.609] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.609] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.609] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f47590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="History", cAlternateFileName="")) returned 1 [0027.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.609] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.610] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x19000, lpOverlapped=0x0) returned 1 [0027.613] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.613] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x19000, lpOverlapped=0x0) returned 1 [0027.613] CloseHandle (hObject=0x4c) returned 1 [0027.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0027.613] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history.adv")) returned 1 [0027.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.614] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824d3190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824d3190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b6860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142f, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="History Provider Cache", cAlternateFileName="HISTOR~2")) returned 1 [0027.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.614] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x142f, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x142f, lpOverlapped=0x0) returned 1 [0027.616] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.616] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x142f, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x142f, lpOverlapped=0x0) returned 1 [0027.616] CloseHandle (hObject=0x4c) returned 1 [0027.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.616] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache.adv")) returned 1 [0027.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.616] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f6d6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="History-journal", cAlternateFileName="HISTOR~1")) returned 1 [0027.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.617] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.617] CloseHandle (hObject=0x4c) returned 1 [0027.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.617] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal.adv")) returned 1 [0027.617] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.617] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.617] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="JumpListIcons", cAlternateFileName="JUMPLI~2")) returned 1 [0027.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.617] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.617] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.618] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="..", cAlternateFileName="")) returned 1 [0027.618] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="A058.tmp", cAlternateFileName="")) returned 1 [0027.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0027.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0027.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0027.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.618] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.618] CloseHandle (hObject=0x50) returned 1 [0027.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec3a8 [0027.618] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp.adv")) returned 1 [0027.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0027.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0027.619] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="A059.tmp", cAlternateFileName="")) returned 1 [0027.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0027.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0027.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0027.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.619] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.619] CloseHandle (hObject=0x50) returned 1 [0027.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec3a8 [0027.619] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp.adv")) returned 1 [0027.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0027.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0027.620] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="A059.tmp", cAlternateFileName="")) returned 0 [0027.620] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.620] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="JumpListIconsOld", cAlternateFileName="JUMPLI~1")) returned 1 [0027.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.620] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.620] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="..", cAlternateFileName="")) returned 1 [0027.620] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="2B03.tmp", cAlternateFileName="")) returned 1 [0027.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0027.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.622] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.622] CloseHandle (hObject=0x50) returned 1 [0027.622] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp.adv")) returned 1 [0027.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0027.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0027.623] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="2B04.tmp", cAlternateFileName="")) returned 1 [0027.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0027.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.623] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.623] CloseHandle (hObject=0x50) returned 1 [0027.623] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp.adv")) returned 1 [0027.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0027.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0027.624] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="2B04.tmp", cAlternateFileName="")) returned 0 [0027.624] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.624] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Local Extension Settings", cAlternateFileName="LOCALE~1")) returned 1 [0027.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.624] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.624] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="..", cAlternateFileName="")) returned 1 [0027.624] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 1 [0027.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec1c8 [0027.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ec2a0 [0027.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1c8 | out: hHeap=0x6d0000) returned 1 [0027.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ec3e0 [0027.624] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8642cdf0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.626] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8642cdf0, cFileName="..", cAlternateFileName="")) returned 1 [0027.626] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86513570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8642cdf0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0027.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.626] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.626] CloseHandle (hObject=0x54) returned 1 [0027.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6ee8b0 [0027.627] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.adv")) returned 1 [0027.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.627] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x1d2dd9e, dwReserved1=0x8642cdf0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0027.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.628] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x10, lpOverlapped=0x0) returned 1 [0027.628] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.628] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x10, lpOverlapped=0x0) returned 1 [0027.629] CloseHandle (hObject=0x54) returned 1 [0027.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6ee8b0 [0027.629] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current.adv")) returned 1 [0027.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.629] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x8642cdf0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0027.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.629] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.629] CloseHandle (hObject=0x54) returned 1 [0027.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ee8b0 [0027.630] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock.adv")) returned 1 [0027.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.630] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97256fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x1d2dd9e, dwReserved1=0x8642cdf0, cFileName="LOG", cAlternateFileName="")) returned 1 [0027.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.631] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc4, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xc4, lpOverlapped=0x0) returned 1 [0027.631] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.632] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xc4, lpOverlapped=0x0) returned 1 [0027.632] CloseHandle (hObject=0x54) returned 1 [0027.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ee8b0 [0027.632] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log.adv")) returned 1 [0027.632] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.632] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.632] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x1d2dd9e, dwReserved1=0x8642cdf0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0027.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.632] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.633] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x29, lpOverlapped=0x0) returned 1 [0027.633] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.634] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x29, lpOverlapped=0x0) returned 1 [0027.634] CloseHandle (hObject=0x54) returned 1 [0027.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ee8b0 [0027.634] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001.adv")) returned 1 [0027.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.634] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x1d2dd9e, dwReserved1=0x8642cdf0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0027.634] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3e0 | out: hHeap=0x6d0000) returned 1 [0027.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2a0 | out: hHeap=0x6d0000) returned 1 [0027.634] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 0 [0027.634] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.635] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Local Storage", cAlternateFileName="LOCALS~1")) returned 1 [0027.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.635] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.636] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="..", cAlternateFileName="")) returned 1 [0027.636] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9048b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x43a, cFileName="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", cAlternateFileName="CHROME~1.LOC")) returned 1 [0027.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0027.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ec280 [0027.636] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0027.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.637] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x3000, lpOverlapped=0x0) returned 1 [0027.638] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.638] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x3000, lpOverlapped=0x0) returned 1 [0027.639] CloseHandle (hObject=0x50) returned 1 [0027.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ec3c8 [0027.639] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.adv")) returned 1 [0027.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3c8 | out: hHeap=0x6d0000) returned 1 [0027.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0027.639] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x904b1a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", cAlternateFileName="CHROME~2.LOC")) returned 1 [0027.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0027.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6ec280 [0027.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0027.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.640] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.640] CloseHandle (hObject=0x50) returned 1 [0027.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6ec3d8 [0027.640] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.adv")) returned 1 [0027.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3d8 | out: hHeap=0x6d0000) returned 1 [0027.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0027.640] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x904b1a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", cAlternateFileName="CHROME~2.LOC")) returned 0 [0027.640] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.641] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8124f5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Login Data", cAlternateFileName="LOGIND~1")) returned 1 [0027.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.642] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4800, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4800, lpOverlapped=0x0) returned 1 [0027.643] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.643] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4800, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4800, lpOverlapped=0x0) returned 1 [0027.643] CloseHandle (hObject=0x4c) returned 1 [0027.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.644] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data.adv")) returned 1 [0027.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.644] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Login Data-journal", cAlternateFileName="LOGIND~2")) returned 1 [0027.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.645] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.645] CloseHandle (hObject=0x4c) returned 1 [0027.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.645] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal.adv")) returned 1 [0027.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.645] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x825f0410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Network Action Predictor", cAlternateFileName="NETWOR~1")) returned 1 [0027.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.646] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c00, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x3c00, lpOverlapped=0x0) returned 1 [0027.647] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.647] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c00, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x3c00, lpOverlapped=0x0) returned 1 [0027.648] CloseHandle (hObject=0x4c) returned 1 [0027.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6eb0e8 [0027.648] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor.adv")) returned 1 [0027.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.648] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8262ad90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Network Action Predictor-journal", cAlternateFileName="NETWOR~2")) returned 1 [0027.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.649] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.649] CloseHandle (hObject=0x4c) returned 1 [0027.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6eb0e8 [0027.649] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal.adv")) returned 1 [0027.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.649] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86263d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86263d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86263d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Network Persistent State", cAlternateFileName="NETWOR~3")) returned 1 [0027.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.650] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x28, lpOverlapped=0x0) returned 1 [0027.650] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.650] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x28, lpOverlapped=0x0) returned 1 [0027.651] CloseHandle (hObject=0x4c) returned 1 [0027.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6eb0e8 [0027.651] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state.adv")) returned 1 [0027.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.652] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94034050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Origin Bound Certs", cAlternateFileName="ORIGIN~1")) returned 1 [0027.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.652] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1400, lpOverlapped=0x0) returned 1 [0027.653] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.654] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1400, lpOverlapped=0x0) returned 1 [0027.654] CloseHandle (hObject=0x4c) returned 1 [0027.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.654] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs.adv")) returned 1 [0027.654] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.654] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.654] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9405a1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Origin Bound Certs-journal", cAlternateFileName="ORIGIN~2")) returned 1 [0027.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.654] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.655] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.655] CloseHandle (hObject=0x4c) returned 1 [0027.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6eb0e8 [0027.655] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal.adv")) returned 1 [0027.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.655] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c43f3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c446910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a9d, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Preferences", cAlternateFileName="PREFER~1")) returned 1 [0027.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.656] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a9d, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1a9d, lpOverlapped=0x0) returned 1 [0027.657] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.657] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a9d, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1a9d, lpOverlapped=0x0) returned 1 [0027.657] CloseHandle (hObject=0x4c) returned 1 [0027.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.657] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences.adv")) returned 1 [0027.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.658] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8dea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8dea80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="previews_opt_out.db", cAlternateFileName="PREVIE~1.DB")) returned 1 [0027.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.658] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0027.660] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.660] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0027.660] CloseHandle (hObject=0x4c) returned 1 [0027.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.660] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db.adv")) returned 1 [0027.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.660] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x804795c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x804795c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x812c19c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="previews_opt_out.db-journal", cAlternateFileName="PREVIE~1.DB-")) returned 1 [0027.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.661] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.661] CloseHandle (hObject=0x4c) returned 1 [0027.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6eb0e8 [0027.661] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal.adv")) returned 1 [0027.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.662] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x869fc2d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="QuotaManager", cAlternateFileName="QUOTAM~1")) returned 1 [0027.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.662] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c00, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x3c00, lpOverlapped=0x0) returned 1 [0027.664] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.664] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c00, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x3c00, lpOverlapped=0x0) returned 1 [0027.664] CloseHandle (hObject=0x4c) returned 1 [0027.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.664] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager.adv")) returned 1 [0027.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.664] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="QuotaManager-journal", cAlternateFileName="QUOTAM~2")) returned 1 [0027.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.666] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.666] CloseHandle (hObject=0x4c) returned 1 [0027.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.666] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal.adv")) returned 1 [0027.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.666] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb490b220, ftLastWriteTime.dwHighDateTime=0x1d5d8ba, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="QuotaManager.adv", cAlternateFileName="QUOTAM~1.ADV")) returned 1 [0027.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager.adv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.667] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c00, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x3c00, lpOverlapped=0x0) returned 1 [0027.667] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.667] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c00, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x3c00, lpOverlapped=0x0) returned 1 [0027.667] CloseHandle (hObject=0x4c) returned 1 [0027.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.667] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager.adv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager.adv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager.adv.adv")) returned 1 [0027.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.667] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f846500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f846500, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="README", cAlternateFileName="")) returned 1 [0027.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.668] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb4, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xb4, lpOverlapped=0x0) returned 1 [0027.669] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.669] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb4, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xb4, lpOverlapped=0x0) returned 1 [0027.669] CloseHandle (hObject=0x4c) returned 1 [0027.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eb0e8 [0027.669] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme.adv")) returned 1 [0027.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.670] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3f38f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c404a60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8b43, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Secure Preferences", cAlternateFileName="SECURE~1")) returned 1 [0027.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.670] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8b43, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x8b43, lpOverlapped=0x0) returned 1 [0027.671] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.671] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8b43, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x8b43, lpOverlapped=0x0) returned 1 [0027.672] CloseHandle (hObject=0x4c) returned 1 [0027.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.672] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences.adv")) returned 1 [0027.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.672] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82271b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Shortcuts", cAlternateFileName="SHORTC~1")) returned 1 [0027.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.672] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.673] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x3000, lpOverlapped=0x0) returned 1 [0027.675] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.675] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x3000, lpOverlapped=0x0) returned 1 [0027.675] CloseHandle (hObject=0x4c) returned 1 [0027.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.675] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts.adv")) returned 1 [0027.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.675] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x822e3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Shortcuts-journal", cAlternateFileName="SHORTC~2")) returned 1 [0027.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.676] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.676] CloseHandle (hObject=0x4c) returned 1 [0027.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.676] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal.adv")) returned 1 [0027.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.676] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Sync Extension Settings", cAlternateFileName="SYNCEX~1")) returned 1 [0027.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.677] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x437, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.677] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x437, cFileName="..", cAlternateFileName="")) returned 1 [0027.677] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x437, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 1 [0027.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ec1c8 [0027.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ec2a0 [0027.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1c8 | out: hHeap=0x6d0000) returned 1 [0027.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ec3e0 [0027.677] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x84251e10, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.679] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x84251e10, cFileName="..", cAlternateFileName="")) returned 1 [0027.679] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8448d2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x84251e10, cFileName="000003.log", cAlternateFileName="")) returned 1 [0027.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.679] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.679] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.679] CloseHandle (hObject=0x54) returned 1 [0027.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6ee8b0 [0027.679] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.adv")) returned 1 [0027.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.680] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x1d2dd9e, dwReserved1=0x84251e10, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0027.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.680] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x10, lpOverlapped=0x0) returned 1 [0027.681] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.681] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x10, lpOverlapped=0x0) returned 1 [0027.681] CloseHandle (hObject=0x54) returned 1 [0027.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6ee8b0 [0027.681] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current.adv")) returned 1 [0027.682] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.682] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.682] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x84251e10, cFileName="LOCK", cAlternateFileName="")) returned 1 [0027.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.682] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.682] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.682] CloseHandle (hObject=0x54) returned 1 [0027.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ee8b0 [0027.682] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock.adv")) returned 1 [0027.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.683] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93935fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x1d2dd9e, dwReserved1=0x84251e10, cFileName="LOG", cAlternateFileName="")) returned 1 [0027.683] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.683] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.683] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xc3, lpOverlapped=0x0) returned 1 [0027.684] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.684] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xc3, lpOverlapped=0x0) returned 1 [0027.684] CloseHandle (hObject=0x54) returned 1 [0027.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ee8b0 [0027.684] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log.adv")) returned 1 [0027.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.685] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x1d2dd9e, dwReserved1=0x84251e10, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0027.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed500 [0027.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed618 [0027.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed500 | out: hHeap=0x6d0000) returned 1 [0027.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.685] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x29, lpOverlapped=0x0) returned 1 [0027.686] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.686] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x29, lpOverlapped=0x0) returned 1 [0027.686] CloseHandle (hObject=0x54) returned 1 [0027.686] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ee8b0 [0027.686] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001.adv")) returned 1 [0027.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed618 | out: hHeap=0x6d0000) returned 1 [0027.687] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x1d2dd9e, dwReserved1=0x84251e10, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0027.687] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3e0 | out: hHeap=0x6d0000) returned 1 [0027.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec2a0 | out: hHeap=0x6d0000) returned 1 [0027.687] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x437, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 0 [0027.687] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.687] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8195e7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Top Sites", cAlternateFileName="TOPSIT~1")) returned 1 [0027.687] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.687] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.688] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x5000, lpOverlapped=0x0) returned 1 [0027.690] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.690] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x5000, lpOverlapped=0x0) returned 1 [0027.690] CloseHandle (hObject=0x4c) returned 1 [0027.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.690] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites.adv")) returned 1 [0027.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.691] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d8c9a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d8c9a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81984910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Top Sites-journal", cAlternateFileName="TOPSIT~2")) returned 1 [0027.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.691] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.691] CloseHandle (hObject=0x4c) returned 1 [0027.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.691] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal.adv")) returned 1 [0027.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.692] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c2e920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x88c2e920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x88c2e920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x278, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="TransportSecurity", cAlternateFileName="TRANSP~1")) returned 1 [0027.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.692] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x278, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x278, lpOverlapped=0x0) returned 1 [0027.694] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.694] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x278, lpOverlapped=0x0) returned 1 [0027.694] CloseHandle (hObject=0x4c) returned 1 [0027.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.695] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity.adv")) returned 1 [0027.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.695] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80ee3600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80ee3600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6cde50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Visited Links", cAlternateFileName="VISITE~1")) returned 1 [0027.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.696] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x20000, lpOverlapped=0x0) returned 1 [0027.699] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.699] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x20000, lpOverlapped=0x0) returned 1 [0027.699] CloseHandle (hObject=0x4c) returned 1 [0027.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.699] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links.adv")) returned 1 [0027.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.700] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Web Applications", cAlternateFileName="WEBAPP~1")) returned 1 [0027.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.700] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.700] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="..", cAlternateFileName="")) returned 1 [0027.700] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="_crx_aohghmighlieiainnegkcijnfilokake", cAlternateFileName="_CRX_A~1")) returned 1 [0027.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ec1b8 [0027.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ec280 [0027.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec1b8 | out: hHeap=0x6d0000) returned 1 [0027.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ec3a8 [0027.700] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x868593b0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.700] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x868593b0, cFileName="..", cAlternateFileName="")) returned 1 [0027.700] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28df6, dwReserved0=0x1d2dd9e, dwReserved1=0x868593b0, cFileName="Google Docs.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0027.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed4c8 [0027.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed5e0 [0027.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed4c8 | out: hHeap=0x6d0000) returned 1 [0027.701] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.701] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28df6, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x28df6, lpOverlapped=0x0) returned 1 [0027.704] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.704] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28df6, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x28df6, lpOverlapped=0x0) returned 1 [0027.705] CloseHandle (hObject=0x54) returned 1 [0027.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6ee8b0 [0027.705] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.adv")) returned 1 [0027.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed5e0 | out: hHeap=0x6d0000) returned 1 [0027.705] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x1d2dd9e, dwReserved1=0x868593b0, cFileName="Google Docs.ico.md5", cAlternateFileName="GOOGLE~1.MD5")) returned 1 [0027.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ed4c8 [0027.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ed5e0 [0027.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed4c8 | out: hHeap=0x6d0000) returned 1 [0027.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0027.706] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x10, lpOverlapped=0x0) returned 1 [0027.706] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.706] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x10, lpOverlapped=0x0) returned 1 [0027.707] CloseHandle (hObject=0x54) returned 1 [0027.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ee8b0 [0027.707] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5.adv")) returned 1 [0027.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed5e0 | out: hHeap=0x6d0000) returned 1 [0027.707] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x1d2dd9e, dwReserved1=0x868593b0, cFileName="Google Docs.ico.md5", cAlternateFileName="GOOGLE~1.MD5")) returned 0 [0027.707] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec3a8 | out: hHeap=0x6d0000) returned 1 [0027.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ec280 | out: hHeap=0x6d0000) returned 1 [0027.707] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x43a, cFileName="_crx_aohghmighlieiainnegkcijnfilokake", cAlternateFileName="_CRX_A~1")) returned 0 [0027.707] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.707] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d370c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Web Data", cAlternateFileName="WEBDAT~1")) returned 1 [0027.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.708] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x11000, lpOverlapped=0x0) returned 1 [0027.710] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.710] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x11000, lpOverlapped=0x0) returned 1 [0027.710] CloseHandle (hObject=0x4c) returned 1 [0027.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eb0e8 [0027.710] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data.adv")) returned 1 [0027.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.711] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 1 [0027.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eaf48 [0027.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eaff0 [0027.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaf48 | out: hHeap=0x6d0000) returned 1 [0027.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.711] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.711] CloseHandle (hObject=0x4c) returned 1 [0027.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eb0e8 [0027.712] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal.adv")) returned 1 [0027.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb0e8 | out: hHeap=0x6d0000) returned 1 [0027.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaff0 | out: hHeap=0x6d0000) returned 1 [0027.712] FindNextFileW (in: hFindFile=0x6e8b70, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 0 [0027.712] FindClose (in: hFindFile=0x6e8b70 | out: hFindFile=0x6e8b70) returned 1 [0027.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.712] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="EVWhitelist", cAlternateFileName="EVWHIT~1")) returned 1 [0027.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9e98 [0027.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e9f40 [0027.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.712] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.713] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="..", cAlternateFileName="")) returned 1 [0027.713] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="..", cAlternateFileName="")) returned 0 [0027.713] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9f40 | out: hHeap=0x6d0000) returned 1 [0027.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.714] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="FileTypePolicies", cAlternateFileName="FILETY~1")) returned 1 [0027.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e9e98 [0027.714] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.714] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="..", cAlternateFileName="")) returned 1 [0027.714] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x9c593160, cFileName="..", cAlternateFileName="")) returned 0 [0027.714] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.714] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8b8920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8b8920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f8b8920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="First Run", cAlternateFileName="FIRSTR~1")) returned 1 [0027.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.715] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.715] CloseHandle (hObject=0x48) returned 1 [0027.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e9e98 [0027.715] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run.adv")) returned 1 [0027.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.715] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85749110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c0bcce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0bf3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1082a, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="Local State", cAlternateFileName="LOCALS~1")) returned 1 [0027.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.716] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1082a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1082a, lpOverlapped=0x0) returned 1 [0027.718] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.718] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1082a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1082a, lpOverlapped=0x0) returned 1 [0027.718] CloseHandle (hObject=0x48) returned 1 [0027.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e9e98 [0027.718] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state.adv")) returned 1 [0027.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.719] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="OriginTrials", cAlternateFileName="ORIGIN~1")) returned 1 [0027.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e9e98 [0027.719] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x689, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.719] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x689, cFileName="..", cAlternateFileName="")) returned 1 [0027.719] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x689, cFileName="..", cAlternateFileName="")) returned 0 [0027.719] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.719] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="PepperFlash", cAlternateFileName="PEPPER~1")) returned 1 [0027.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9e98 [0027.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e9f40 [0027.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.719] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x689, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.719] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x689, cFileName="..", cAlternateFileName="")) returned 1 [0027.719] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x689, cFileName="..", cAlternateFileName="")) returned 0 [0027.720] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9f40 | out: hHeap=0x6d0000) returned 1 [0027.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.720] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="pnacl", cAlternateFileName="")) returned 1 [0027.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9e98 [0027.720] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x689, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.720] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x689, cFileName="..", cAlternateFileName="")) returned 1 [0027.720] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x689, cFileName="..", cAlternateFileName="")) returned 0 [0027.720] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.720] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f6e8b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="Safe Browsing Channel IDs", cAlternateFileName="SAFEBR~3")) returned 1 [0027.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.721] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1400, lpOverlapped=0x0) returned 1 [0027.722] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.722] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1400, lpOverlapped=0x0) returned 1 [0027.722] CloseHandle (hObject=0x48) returned 1 [0027.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e9e98 [0027.722] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids.adv")) returned 1 [0027.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.725] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f94a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="Safe Browsing Channel IDs-journal", cAlternateFileName="SAFEBR~4")) returned 1 [0027.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.726] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.726] CloseHandle (hObject=0x48) returned 1 [0027.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e9e98 [0027.726] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal.adv")) returned 1 [0027.726] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.726] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.726] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="Safe Browsing Cookies", cAlternateFileName="SAFEBR~1")) returned 1 [0027.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.726] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.727] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1c00, lpOverlapped=0x0) returned 1 [0027.728] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.728] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c00, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1c00, lpOverlapped=0x0) returned 1 [0027.728] CloseHandle (hObject=0x48) returned 1 [0027.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e9e98 [0027.729] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies.adv")) returned 1 [0027.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.729] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="Safe Browsing Cookies-journal", cAlternateFileName="SAFEBR~2")) returned 1 [0027.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.730] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.730] CloseHandle (hObject=0x48) returned 1 [0027.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e9e98 [0027.730] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal.adv")) returned 1 [0027.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.730] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="SSLErrorAssistant", cAlternateFileName="SSLERR~1")) returned 1 [0027.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e9e98 [0027.730] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x680, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.730] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x680, cFileName="..", cAlternateFileName="")) returned 1 [0027.731] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x680, cFileName="..", cAlternateFileName="")) returned 0 [0027.731] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.731] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="SwReporter", cAlternateFileName="SWREPO~1")) returned 1 [0027.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9e98 [0027.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e9f40 [0027.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.731] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x680, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.731] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x680, cFileName="..", cAlternateFileName="")) returned 1 [0027.731] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x680, cFileName="..", cAlternateFileName="")) returned 0 [0027.731] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9f40 | out: hHeap=0x6d0000) returned 1 [0027.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.731] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0027.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e9d20 [0027.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e9db8 [0027.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9d20 | out: hHeap=0x6d0000) returned 1 [0027.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e9e98 [0027.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e9f40 [0027.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9e98 | out: hHeap=0x6d0000) returned 1 [0027.731] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x680, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.732] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x680, cFileName="..", cAlternateFileName="")) returned 1 [0027.732] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x680, cFileName="..", cAlternateFileName="")) returned 0 [0027.732] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9f40 | out: hHeap=0x6d0000) returned 1 [0027.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e9db8 | out: hHeap=0x6d0000) returned 1 [0027.732] FindNextFileW (in: hFindFile=0x6e8b30, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 0 [0027.732] FindClose (in: hFindFile=0x6e8b30 | out: hFindFile=0x6e8b30) returned 1 [0027.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8c80 | out: hHeap=0x6d0000) returned 1 [0027.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e8bb8 | out: hHeap=0x6d0000) returned 1 [0027.732] FindNextFileW (in: hFindFile=0x6e7978, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 0 [0027.732] FindClose (in: hFindFile=0x6e7978 | out: hFindFile=0x6e7978) returned 1 [0027.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7aa0 | out: hHeap=0x6d0000) returned 1 [0027.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e79f0 | out: hHeap=0x6d0000) returned 1 [0027.732] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x122c, cFileName="CrashReports", cAlternateFileName="CRASHR~1")) returned 1 [0027.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ee8b0 [0027.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6ee928 [0027.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6ee9d8 [0027.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6eea60 [0027.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9d8 | out: hHeap=0x6d0000) returned 1 [0027.732] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.732] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="..", cAlternateFileName="")) returned 1 [0027.732] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x7f572ae0, cFileName="..", cAlternateFileName="")) returned 0 [0027.732] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0027.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea60 | out: hHeap=0x6d0000) returned 1 [0027.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee928 | out: hHeap=0x6d0000) returned 1 [0027.733] FindNextFileW (in: hFindFile=0x6e67f8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x122c, cFileName="CrashReports", cAlternateFileName="CRASHR~1")) returned 0 [0027.733] FindClose (in: hFindFile=0x6e67f8 | out: hFindFile=0x6e67f8) returned 1 [0027.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e68f8 | out: hHeap=0x6d0000) returned 1 [0027.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6860 | out: hHeap=0x6d0000) returned 1 [0027.733] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="History", cAlternateFileName="")) returned 1 [0027.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ee8b0 [0027.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6ee918 [0027.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ee9b0 [0027.733] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x122c, cFileName="CrashReports", cAlternateFileName="")) returned 0xffffffff [0027.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9b0 | out: hHeap=0x6d0000) returned 1 [0027.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee918 | out: hHeap=0x6d0000) returned 1 [0027.733] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9fc540, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x126775, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0027.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ee8b0 [0027.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6ee918 [0027.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0027.733] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x126775, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x126775, lpOverlapped=0x0) returned 1 [0027.753] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.753] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x126775, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x126775, lpOverlapped=0x0) returned 1 [0027.760] CloseHandle (hObject=0x3c) returned 1 [0027.760] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6ee9b0 [0027.760] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db.adv")) returned 1 [0027.760] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9b0 | out: hHeap=0x6d0000) returned 1 [0027.760] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee918 | out: hHeap=0x6d0000) returned 1 [0027.760] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0027.760] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ee8b0 [0027.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6ee918 [0027.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0027.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ee9b0 [0027.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0027.761] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="..", cAlternateFileName="")) returned 1 [0027.761] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0027.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.761] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.761] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 0 [0027.761] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.761] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0027.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.768] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.768] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 0 [0027.768] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.768] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Feeds", cAlternateFileName="")) returned 1 [0027.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0027.768] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.771] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.771] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6e0227e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0027.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0027.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0027.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0027.771] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.772] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x1a00, lpOverlapped=0x0) returned 1 [0027.773] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.773] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a00, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x1a00, lpOverlapped=0x0) returned 1 [0027.774] CloseHandle (hObject=0x44) returned 1 [0027.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d38 [0027.774] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms.adv")) returned 1 [0027.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0027.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0027.774] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0027.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0027.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0027.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0027.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d38 [0027.774] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x59b, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.779] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x59b, cFileName="..", cAlternateFileName="")) returned 1 [0027.780] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeaa2466, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x59b, cFileName="Microsoft at Home~.feed-ms", cAlternateFileName="MICROS~2.FEE")) returned 1 [0027.780] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1de8 [0027.780] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1e90 [0027.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1de8 | out: hHeap=0x6d0000) returned 1 [0027.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.780] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0027.782] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.782] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0027.782] CloseHandle (hObject=0x48) returned 1 [0027.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f1f88 [0027.782] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.adv")) returned 1 [0027.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f88 | out: hHeap=0x6d0000) returned 1 [0027.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e90 | out: hHeap=0x6d0000) returned 1 [0027.782] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x59b, cFileName="Microsoft at Work~.feed-ms", cAlternateFileName="MICROS~1.FEE")) returned 1 [0027.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1de8 [0027.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1e90 [0027.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1de8 | out: hHeap=0x6d0000) returned 1 [0027.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.783] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0027.784] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.784] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0027.785] CloseHandle (hObject=0x48) returned 1 [0027.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f1f88 [0027.785] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.adv")) returned 1 [0027.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f88 | out: hHeap=0x6d0000) returned 1 [0027.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e90 | out: hHeap=0x6d0000) returned 1 [0027.785] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x59b, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 1 [0027.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1de8 [0027.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1e90 [0027.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1de8 | out: hHeap=0x6d0000) returned 1 [0027.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.786] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0027.788] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.788] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0027.788] CloseHandle (hObject=0x48) returned 1 [0027.788] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f1f88 [0027.788] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.adv")) returned 1 [0027.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f88 | out: hHeap=0x6d0000) returned 1 [0027.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e90 | out: hHeap=0x6d0000) returned 1 [0027.789] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x59b, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 0 [0027.789] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0027.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0027.789] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0027.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0027.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0c70 [0027.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0027.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0d48 [0027.789] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x59b, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.789] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x59b, cFileName="..", cAlternateFileName="")) returned 1 [0027.789] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x59b, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 1 [0027.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f1e28 [0027.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f1f00 [0027.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e28 | out: hHeap=0x6d0000) returned 1 [0027.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f2040 [0027.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f2128 [0027.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2040 | out: hHeap=0x6d0000) returned 1 [0027.789] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.789] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="..", cAlternateFileName="")) returned 1 [0027.789] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52d69eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6e0227e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="Suggested Sites~.feed-ms", cAlternateFileName="SUGGES~1.FEE")) returned 1 [0027.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f2040 [0027.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3288 [0027.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2040 | out: hHeap=0x6d0000) returned 1 [0027.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.790] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x8000, lpOverlapped=0x0) returned 1 [0027.792] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.792] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x8000, lpOverlapped=0x0) returned 1 [0027.793] CloseHandle (hObject=0x4c) returned 1 [0027.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f33e0 [0027.793] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms.adv")) returned 1 [0027.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f33e0 | out: hHeap=0x6d0000) returned 1 [0027.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3288 | out: hHeap=0x6d0000) returned 1 [0027.793] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 1 [0027.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f2040 [0027.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3288 [0027.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2040 | out: hHeap=0x6d0000) returned 1 [0027.794] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.794] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x7000, lpOverlapped=0x0) returned 1 [0027.796] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.796] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x7000, lpOverlapped=0x0) returned 1 [0027.796] CloseHandle (hObject=0x4c) returned 1 [0027.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f33e0 [0027.797] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.adv")) returned 1 [0027.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f33e0 | out: hHeap=0x6d0000) returned 1 [0027.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3288 | out: hHeap=0x6d0000) returned 1 [0027.797] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 0 [0027.797] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2128 | out: hHeap=0x6d0000) returned 1 [0027.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f00 | out: hHeap=0x6d0000) returned 1 [0027.797] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x59b, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 0 [0027.797] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d48 | out: hHeap=0x6d0000) returned 1 [0027.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0027.797] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0027.797] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.797] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0027.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.798] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.800] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.800] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0027.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0bf8 [0027.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0c90 [0027.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0027.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d70 [0027.800] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.800] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="..", cAlternateFileName="")) returned 1 [0027.800] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0027.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1e20 [0027.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1ec8 [0027.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e20 | out: hHeap=0x6d0000) returned 1 [0027.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.801] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0027.801] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.801] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0027.802] CloseHandle (hObject=0x48) returned 1 [0027.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f1fc0 [0027.802] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.adv")) returned 1 [0027.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fc0 | out: hHeap=0x6d0000) returned 1 [0027.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ec8 | out: hHeap=0x6d0000) returned 1 [0027.802] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0027.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1e20 [0027.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1ec8 [0027.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e20 | out: hHeap=0x6d0000) returned 1 [0027.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.803] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.803] CloseHandle (hObject=0x48) returned 1 [0027.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f1fc0 [0027.803] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1].adv")) returned 1 [0027.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fc0 | out: hHeap=0x6d0000) returned 1 [0027.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ec8 | out: hHeap=0x6d0000) returned 1 [0027.803] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0027.803] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0027.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0027.803] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0027.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0bf8 [0027.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0c90 [0027.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0027.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d70 [0027.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.804] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="..", cAlternateFileName="")) returned 1 [0027.804] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0027.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1e20 [0027.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1ec8 [0027.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e20 | out: hHeap=0x6d0000) returned 1 [0027.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.804] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0027.805] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.805] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0027.805] CloseHandle (hObject=0x48) returned 1 [0027.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f1fc0 [0027.805] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.adv")) returned 1 [0027.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fc0 | out: hHeap=0x6d0000) returned 1 [0027.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ec8 | out: hHeap=0x6d0000) returned 1 [0027.806] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0027.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1e20 [0027.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1ec8 [0027.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e20 | out: hHeap=0x6d0000) returned 1 [0027.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.807] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.807] CloseHandle (hObject=0x48) returned 1 [0027.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f1fc0 [0027.807] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1].adv")) returned 1 [0027.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fc0 | out: hHeap=0x6d0000) returned 1 [0027.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ec8 | out: hHeap=0x6d0000) returned 1 [0027.807] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0027.807] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0027.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0027.807] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0027.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0027.808] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.808] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="..", cAlternateFileName="")) returned 1 [0027.808] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0027.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e20 | out: hHeap=0x6d0000) returned 1 [0027.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.808] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0027.809] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.809] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0027.809] CloseHandle (hObject=0x48) returned 1 [0027.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f1fc0 [0027.809] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.adv")) returned 1 [0027.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fc0 | out: hHeap=0x6d0000) returned 1 [0027.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ec8 | out: hHeap=0x6d0000) returned 1 [0027.810] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0027.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1e20 [0027.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1ec8 [0027.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e20 | out: hHeap=0x6d0000) returned 1 [0027.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.810] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.810] CloseHandle (hObject=0x48) returned 1 [0027.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f1fc0 [0027.810] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1].adv")) returned 1 [0027.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fc0 | out: hHeap=0x6d0000) returned 1 [0027.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ec8 | out: hHeap=0x6d0000) returned 1 [0027.810] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28f3aae0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0027.810] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0027.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0027.811] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0027.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0bf8 [0027.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0c90 [0027.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0027.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.811] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x43, lpOverlapped=0x0) returned 1 [0027.812] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.812] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x43, lpOverlapped=0x0) returned 1 [0027.812] CloseHandle (hObject=0x44) returned 1 [0027.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d70 [0027.812] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini.adv")) returned 1 [0027.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0027.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0027.813] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2bc126f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="index.dat", cAlternateFileName="")) returned 1 [0027.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0bf8 [0027.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0c90 [0027.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0027.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.813] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x8000, lpOverlapped=0x0) returned 1 [0027.817] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.817] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x8000, lpOverlapped=0x0) returned 1 [0027.818] CloseHandle (hObject=0x44) returned 1 [0027.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d70 [0027.818] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat.adv")) returned 1 [0027.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0027.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0027.818] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0027.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0bf8 [0027.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0c90 [0027.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0027.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d70 [0027.819] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x598, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.819] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x598, cFileName="..", cAlternateFileName="")) returned 1 [0027.819] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x598, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0027.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1e20 [0027.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1ec8 [0027.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e20 | out: hHeap=0x6d0000) returned 1 [0027.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.819] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0027.820] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.820] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0027.820] CloseHandle (hObject=0x48) returned 1 [0027.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f1fc0 [0027.820] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.adv")) returned 1 [0027.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fc0 | out: hHeap=0x6d0000) returned 1 [0027.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ec8 | out: hHeap=0x6d0000) returned 1 [0027.821] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x598, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0027.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1e20 [0027.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1ec8 [0027.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e20 | out: hHeap=0x6d0000) returned 1 [0027.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.821] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.821] CloseHandle (hObject=0x48) returned 1 [0027.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f1fc0 [0027.821] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1].adv")) returned 1 [0027.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fc0 | out: hHeap=0x6d0000) returned 1 [0027.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ec8 | out: hHeap=0x6d0000) returned 1 [0027.823] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x52d90010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x598, cFileName="ieonline.microsoft[1]", cAlternateFileName="IEONLI~1.MIC")) returned 1 [0027.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1e20 [0027.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f1ec8 [0027.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e20 | out: hHeap=0x6d0000) returned 1 [0027.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.823] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.823] CloseHandle (hObject=0x48) returned 1 [0027.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f1fc0 [0027.824] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1].adv")) returned 1 [0027.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fc0 | out: hHeap=0x6d0000) returned 1 [0027.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ec8 | out: hHeap=0x6d0000) returned 1 [0027.824] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x52d90010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x598, cFileName="ieonline.microsoft[1]", cAlternateFileName="IEONLI~1.MIC")) returned 0 [0027.824] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0027.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0027.824] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0027.824] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.824] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="FORMS", cAlternateFileName="")) returned 1 [0027.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0027.824] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.825] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.825] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d757c20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x3c0dc, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="FRMCACHE.DAT", cAlternateFileName="")) returned 1 [0027.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0027.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0027.825] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0027.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.826] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c0dc, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3c0dc, lpOverlapped=0x0) returned 1 [0027.829] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.829] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c0dc, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3c0dc, lpOverlapped=0x0) returned 1 [0027.830] CloseHandle (hObject=0x44) returned 1 [0027.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d38 [0027.830] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat.adv")) returned 1 [0027.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0027.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0027.831] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d757c20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x3c0dc, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="FRMCACHE.DAT", cAlternateFileName="")) returned 0 [0027.831] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.831] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="IME12", cAlternateFileName="")) returned 1 [0027.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0027.831] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.831] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.832] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 0 [0027.832] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.832] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0027.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0027.832] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.833] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.833] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 0 [0027.833] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.833] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0027.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0027.833] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.834] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.834] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 0 [0027.834] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.834] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0027.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0027.834] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.835] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.835] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 0 [0027.835] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.835] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0027.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efbf0 [0027.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.835] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.837] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.837] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0027.837] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.837] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0cd8 [0027.837] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.838] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fa9, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2fa9, lpOverlapped=0x0) returned 1 [0027.840] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.840] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fa9, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2fa9, lpOverlapped=0x0) returned 1 [0027.840] CloseHandle (hObject=0x44) returned 1 [0027.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0db8 [0027.840] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.adv")) returned 1 [0027.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cd8 | out: hHeap=0x6d0000) returned 1 [0027.840] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d977900, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2fb0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0027.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0cd8 [0027.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.841] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fb0, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2fb0, lpOverlapped=0x0) returned 1 [0027.843] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.843] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2fb0, lpOverlapped=0x0) returned 1 [0027.843] CloseHandle (hObject=0x44) returned 1 [0027.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0db8 [0027.843] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.adv")) returned 1 [0027.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cd8 | out: hHeap=0x6d0000) returned 1 [0027.844] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="DOMStore", cAlternateFileName="")) returned 1 [0027.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0cd8 [0027.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0db8 [0027.844] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x58b, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.845] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x58b, cFileName="..", cAlternateFileName="")) returned 1 [0027.845] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x58b, cFileName="3LKBQZJ3", cAlternateFileName="")) returned 1 [0027.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1e78 [0027.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f30 [0027.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e78 | out: hHeap=0x6d0000) returned 1 [0027.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f2040 [0027.845] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.845] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName="..", cAlternateFileName="")) returned 1 [0027.845] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName="..", cAlternateFileName="")) returned 0 [0027.845] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2040 | out: hHeap=0x6d0000) returned 1 [0027.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f30 | out: hHeap=0x6d0000) returned 1 [0027.846] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x58b, cFileName="8NES5H33", cAlternateFileName="")) returned 1 [0027.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1e78 [0027.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f30 [0027.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e78 | out: hHeap=0x6d0000) returned 1 [0027.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f2040 [0027.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.846] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName="..", cAlternateFileName="")) returned 1 [0027.846] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d941010, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName="get.adobe[1].xml", cAlternateFileName="GETADO~1.XML")) returned 1 [0027.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f3110 [0027.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6f31d8 [0027.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3110 | out: hHeap=0x6d0000) returned 1 [0027.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.846] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xd, lpOverlapped=0x0) returned 1 [0027.847] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.847] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xd, lpOverlapped=0x0) returned 1 [0027.847] CloseHandle (hObject=0x4c) returned 1 [0027.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3300 [0027.847] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml.adv")) returned 1 [0027.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3300 | out: hHeap=0x6d0000) returned 1 [0027.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d8 | out: hHeap=0x6d0000) returned 1 [0027.848] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d941010, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName="get.adobe[1].xml", cAlternateFileName="GETADO~1.XML")) returned 0 [0027.848] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2040 | out: hHeap=0x6d0000) returned 1 [0027.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f30 | out: hHeap=0x6d0000) returned 1 [0027.848] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x58b, cFileName="FKLUIDU0", cAlternateFileName="")) returned 1 [0027.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1e78 [0027.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f30 [0027.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e78 | out: hHeap=0x6d0000) returned 1 [0027.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f2040 [0027.848] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.848] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName="..", cAlternateFileName="")) returned 1 [0027.849] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d705b70, cFileName="..", cAlternateFileName="")) returned 0 [0027.849] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2040 | out: hHeap=0x6d0000) returned 1 [0027.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f30 | out: hHeap=0x6d0000) returned 1 [0027.849] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x125db390, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x58b, cFileName="index.dat", cAlternateFileName="")) returned 1 [0027.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1e78 [0027.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f30 [0027.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e78 | out: hHeap=0x6d0000) returned 1 [0027.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0027.849] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x8000, lpOverlapped=0x0) returned 1 [0027.851] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.851] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x8000, lpOverlapped=0x0) returned 1 [0027.851] CloseHandle (hObject=0x48) returned 1 [0027.851] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f2040 [0027.851] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat.adv")) returned 1 [0027.851] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2040 | out: hHeap=0x6d0000) returned 1 [0027.851] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f30 | out: hHeap=0x6d0000) returned 1 [0027.852] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x58b, cFileName="OWLVMZRC", cAlternateFileName="")) returned 1 [0027.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1e78 [0027.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f30 [0027.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e78 | out: hHeap=0x6d0000) returned 1 [0027.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f2040 [0027.852] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x336, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.852] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x336, cFileName="..", cAlternateFileName="")) returned 1 [0027.852] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x336, cFileName="..", cAlternateFileName="")) returned 0 [0027.852] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2040 | out: hHeap=0x6d0000) returned 1 [0027.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f30 | out: hHeap=0x6d0000) returned 1 [0027.852] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x58b, cFileName="OWLVMZRC", cAlternateFileName="")) returned 0 [0027.852] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cd8 | out: hHeap=0x6d0000) returned 1 [0027.852] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x65d58120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65d58120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65d58120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23f4, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="frameiconcache.dat", cAlternateFileName="FRAMEI~1.DAT")) returned 1 [0027.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0cd8 [0027.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.853] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23f4, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x23f4, lpOverlapped=0x0) returned 1 [0027.855] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.855] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23f4, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x23f4, lpOverlapped=0x0) returned 1 [0027.855] CloseHandle (hObject=0x44) returned 1 [0027.855] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0db8 [0027.855] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat.adv")) returned 1 [0027.855] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.855] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cd8 | out: hHeap=0x6d0000) returned 1 [0027.855] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95014270, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x95014270, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x95014270, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="MSIMGSIZ.DAT", cAlternateFileName="")) returned 1 [0027.855] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.855] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0cd8 [0027.855] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.856] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4000, lpOverlapped=0x0) returned 1 [0027.858] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.858] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4000, lpOverlapped=0x0) returned 1 [0027.858] CloseHandle (hObject=0x44) returned 1 [0027.858] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0db8 [0027.858] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat.adv")) returned 1 [0027.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cd8 | out: hHeap=0x6d0000) returned 1 [0027.859] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Recovery", cAlternateFileName="")) returned 1 [0027.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0cd8 [0027.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0027.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0db8 [0027.859] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x589, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.859] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x589, cFileName="..", cAlternateFileName="")) returned 1 [0027.859] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x589, cFileName="Active", cAlternateFileName="")) returned 1 [0027.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1e78 [0027.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1f30 [0027.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1fe8 [0027.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f30 | out: hHeap=0x6d0000) returned 1 [0027.859] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.859] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName="..", cAlternateFileName="")) returned 1 [0027.859] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName="..", cAlternateFileName="")) returned 0 [0027.859] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fe8 | out: hHeap=0x6d0000) returned 1 [0027.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e78 | out: hHeap=0x6d0000) returned 1 [0027.860] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x589, cFileName="Last Active", cAlternateFileName="LASTAC~1")) returned 1 [0027.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1e78 [0027.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f30 [0027.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e78 | out: hHeap=0x6d0000) returned 1 [0027.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f2040 [0027.860] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.862] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName="..", cAlternateFileName="")) returned 1 [0027.862] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe35acf0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe35acf0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="RECOVE~2.DAT")) returned 1 [0027.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f3110 [0027.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f31d8 [0027.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3110 | out: hHeap=0x6d0000) returned 1 [0027.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.862] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xe00, lpOverlapped=0x0) returned 1 [0027.864] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.864] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xe00, lpOverlapped=0x0) returned 1 [0027.864] CloseHandle (hObject=0x4c) returned 1 [0027.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f3310 [0027.864] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat.adv")) returned 1 [0027.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0027.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d8 | out: hHeap=0x6d0000) returned 1 [0027.865] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6dd28c60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd28c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe35acf0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", cAlternateFileName="RECOVE~1.DAT")) returned 1 [0027.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f3110 [0027.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f31d8 [0027.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3110 | out: hHeap=0x6d0000) returned 1 [0027.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.865] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1200, lpOverlapped=0x0) returned 1 [0027.867] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.867] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1200, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1200, lpOverlapped=0x0) returned 1 [0027.867] CloseHandle (hObject=0x4c) returned 1 [0027.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f3310 [0027.867] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat.adv")) returned 1 [0027.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0027.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d8 | out: hHeap=0x6d0000) returned 1 [0027.868] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe35acf0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe35acf0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe35acf0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="{4BD65~1.DAT")) returned 1 [0027.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f3110 [0027.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6f31d8 [0027.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3110 | out: hHeap=0x6d0000) returned 1 [0027.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.868] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1200, lpOverlapped=0x0) returned 1 [0027.870] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.870] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1200, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1200, lpOverlapped=0x0) returned 1 [0027.870] CloseHandle (hObject=0x4c) returned 1 [0027.870] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f3300 [0027.870] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat.adv")) returned 1 [0027.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3300 | out: hHeap=0x6d0000) returned 1 [0027.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d8 | out: hHeap=0x6d0000) returned 1 [0027.871] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30603250, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="{69512~1.DAT")) returned 1 [0027.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f3110 [0027.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6f31d8 [0027.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3110 | out: hHeap=0x6d0000) returned 1 [0027.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0027.872] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1200, lpOverlapped=0x0) returned 1 [0027.873] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.873] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1200, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1200, lpOverlapped=0x0) returned 1 [0027.874] CloseHandle (hObject=0x4c) returned 1 [0027.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f3300 [0027.874] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat.adv")) returned 1 [0027.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3300 | out: hHeap=0x6d0000) returned 1 [0027.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d8 | out: hHeap=0x6d0000) returned 1 [0027.874] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30603250, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x1d2dd9e, dwReserved1=0x6db5fbe0, cFileName="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="{69512~1.DAT")) returned 0 [0027.874] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0027.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2040 | out: hHeap=0x6d0000) returned 1 [0027.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f30 | out: hHeap=0x6d0000) returned 1 [0027.874] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x589, cFileName="Last Active", cAlternateFileName="LASTAC~1")) returned 0 [0027.874] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0027.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0db8 | out: hHeap=0x6d0000) returned 1 [0027.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0cd8 | out: hHeap=0x6d0000) returned 1 [0027.874] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Recovery", cAlternateFileName="")) returned 0 [0027.875] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0027.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0027.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0027.875] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0027.875] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0027.875] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0027.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0027.875] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0027.875] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0027.876] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0027.876] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2cf59b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0027.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0bf8 [0027.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0c90 [0027.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0027.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.877] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x105000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x105000, lpOverlapped=0x0) returned 1 [0027.897] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.897] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x105000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x105000, lpOverlapped=0x0) returned 1 [0027.902] CloseHandle (hObject=0x44) returned 1 [0027.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0d70 [0027.902] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb.adv")) returned 1 [0027.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0027.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0027.903] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2cf33a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2cf33a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1106c, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0027.903] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0bf8 [0027.903] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0c90 [0027.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0027.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0027.903] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1106c, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x1106c, lpOverlapped=0x0) returned 1 [0027.906] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.906] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1106c, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x1106c, lpOverlapped=0x0) returned 1 [0027.906] CloseHandle (hObject=0x44) returned 1 [0027.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d70 [0027.906] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb.adv")) returned 1 [0027.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0027.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0027.906] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0027.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0bf8 [0027.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0c90 [0027.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0027.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d70 [0027.907] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x594, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0027.907] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x594, cFileName="..", cAlternateFileName="")) returned 1 [0027.907] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x594, cFileName="en-US", cAlternateFileName="")) returned 1 [0027.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1e30 [0027.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1ee8 [0027.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1fa0 [0027.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ee8 | out: hHeap=0x6d0000) returned 1 [0027.907] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0027.907] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="..", cAlternateFileName="")) returned 1 [0027.907] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="0000E713", cAlternateFileName="")) returned 1 [0027.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1ee8 [0027.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f30b8 [0027.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ee8 | out: hHeap=0x6d0000) returned 1 [0027.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f31c8 [0027.907] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0027.909] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="..", cAlternateFileName="")) returned 1 [0027.909] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0027.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.910] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x414, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x414, lpOverlapped=0x0) returned 1 [0027.911] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.912] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x414, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x414, lpOverlapped=0x0) returned 1 [0027.912] CloseHandle (hObject=0x50) returned 1 [0027.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0027.912] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl.adv")) returned 1 [0027.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.912] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0027.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.913] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ff, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4ff, lpOverlapped=0x0) returned 1 [0027.916] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.916] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ff, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4ff, lpOverlapped=0x0) returned 1 [0027.916] CloseHandle (hObject=0x50) returned 1 [0027.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f34b8 [0027.917] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl.adv")) returned 1 [0027.917] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.917] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.917] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0027.917] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.917] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.917] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.917] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f3, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4f3, lpOverlapped=0x0) returned 1 [0027.920] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.920] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f3, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4f3, lpOverlapped=0x0) returned 1 [0027.920] CloseHandle (hObject=0x50) returned 1 [0027.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0027.920] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl.adv")) returned 1 [0027.921] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.921] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.921] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0027.921] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.921] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.921] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.922] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x504, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x504, lpOverlapped=0x0) returned 1 [0027.923] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.923] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x504, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x504, lpOverlapped=0x0) returned 1 [0027.923] CloseHandle (hObject=0x50) returned 1 [0027.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f34b8 [0027.923] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl.adv")) returned 1 [0027.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.924] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0027.924] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.924] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.924] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.924] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x31d, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x31d, lpOverlapped=0x0) returned 1 [0027.927] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.927] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x31d, lpOverlapped=0x0) returned 1 [0027.927] CloseHandle (hObject=0x50) returned 1 [0027.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f34b8 [0027.927] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl.adv")) returned 1 [0027.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.927] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0027.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.928] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x311, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x311, lpOverlapped=0x0) returned 1 [0027.930] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.930] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x311, lpOverlapped=0x0) returned 1 [0027.930] CloseHandle (hObject=0x50) returned 1 [0027.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0027.930] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl.adv")) returned 1 [0027.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.931] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0027.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.931] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x410, lpOverlapped=0x0) returned 1 [0027.932] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.932] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x410, lpOverlapped=0x0) returned 1 [0027.933] CloseHandle (hObject=0x50) returned 1 [0027.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f34b8 [0027.933] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl.adv")) returned 1 [0027.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.933] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0027.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.934] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fc, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x3fc, lpOverlapped=0x0) returned 1 [0027.936] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.936] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x3fc, lpOverlapped=0x0) returned 1 [0027.936] CloseHandle (hObject=0x50) returned 1 [0027.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0027.936] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl.adv")) returned 1 [0027.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.939] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0027.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.939] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x401, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x401, lpOverlapped=0x0) returned 1 [0027.941] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.941] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x401, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x401, lpOverlapped=0x0) returned 1 [0027.941] CloseHandle (hObject=0x50) returned 1 [0027.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0027.941] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl.adv")) returned 1 [0027.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.941] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0027.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.942] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x427, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x427, lpOverlapped=0x0) returned 1 [0027.943] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.943] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x427, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x427, lpOverlapped=0x0) returned 1 [0027.944] CloseHandle (hObject=0x50) returned 1 [0027.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f34b8 [0027.944] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl.adv")) returned 1 [0027.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.944] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0027.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.947] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x249, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x249, lpOverlapped=0x0) returned 1 [0027.948] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.948] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x249, lpOverlapped=0x0) returned 1 [0027.948] CloseHandle (hObject=0x50) returned 1 [0027.948] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f34b8 [0027.948] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl.adv")) returned 1 [0027.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.949] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0027.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.950] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x437, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x437, lpOverlapped=0x0) returned 1 [0027.951] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.951] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x437, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x437, lpOverlapped=0x0) returned 1 [0027.951] CloseHandle (hObject=0x50) returned 1 [0027.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f34b8 [0027.952] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl.adv")) returned 1 [0027.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.952] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 0 [0027.952] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0027.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31c8 | out: hHeap=0x6d0000) returned 1 [0027.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30b8 | out: hHeap=0x6d0000) returned 1 [0027.952] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="00010C6E", cAlternateFileName="")) returned 1 [0027.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1ee8 [0027.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f30b8 [0027.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1ee8 | out: hHeap=0x6d0000) returned 1 [0027.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f31c8 [0027.953] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0027.954] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="..", cAlternateFileName="")) returned 1 [0027.954] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0027.954] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.954] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.955] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x414, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x414, lpOverlapped=0x0) returned 1 [0027.956] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.956] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x414, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x414, lpOverlapped=0x0) returned 1 [0027.956] CloseHandle (hObject=0x50) returned 1 [0027.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0027.956] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.adv")) returned 1 [0027.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.957] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0027.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.958] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ff, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4ff, lpOverlapped=0x0) returned 1 [0027.959] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.959] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ff, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4ff, lpOverlapped=0x0) returned 1 [0027.959] CloseHandle (hObject=0x50) returned 1 [0027.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f34b8 [0027.960] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.adv")) returned 1 [0027.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.960] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0027.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.961] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f3, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4f3, lpOverlapped=0x0) returned 1 [0027.962] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.962] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f3, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4f3, lpOverlapped=0x0) returned 1 [0027.962] CloseHandle (hObject=0x50) returned 1 [0027.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0027.962] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.adv")) returned 1 [0027.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.963] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0027.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.964] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x504, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x504, lpOverlapped=0x0) returned 1 [0027.965] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.965] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x504, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x504, lpOverlapped=0x0) returned 1 [0027.965] CloseHandle (hObject=0x50) returned 1 [0027.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f34b8 [0027.966] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.adv")) returned 1 [0027.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.966] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0027.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.966] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x31d, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x31d, lpOverlapped=0x0) returned 1 [0027.968] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.968] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x31d, lpOverlapped=0x0) returned 1 [0027.968] CloseHandle (hObject=0x50) returned 1 [0027.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f34b8 [0027.968] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.adv")) returned 1 [0027.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.969] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0027.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.970] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x311, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x311, lpOverlapped=0x0) returned 1 [0027.971] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.971] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x311, lpOverlapped=0x0) returned 1 [0027.971] CloseHandle (hObject=0x50) returned 1 [0027.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0027.972] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.adv")) returned 1 [0027.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0027.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0027.972] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0027.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0027.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0027.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0027.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0027.973] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x410, lpOverlapped=0x0) returned 1 [0027.981] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0027.984] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x410, lpOverlapped=0x0) returned 1 [0027.991] CloseHandle (hObject=0x50) returned 1 [0027.995] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f34b8 [0027.995] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.adv")) returned 1 [0028.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0028.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0028.010] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0028.010] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0028.010] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0028.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0028.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.010] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fc, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x3fc, lpOverlapped=0x0) returned 1 [0028.016] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.016] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x3fc, lpOverlapped=0x0) returned 1 [0028.016] CloseHandle (hObject=0x50) returned 1 [0028.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0028.016] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.adv")) returned 1 [0028.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0028.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0028.020] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0028.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0028.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0028.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0028.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.020] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x401, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x401, lpOverlapped=0x0) returned 1 [0028.022] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.022] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x401, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x401, lpOverlapped=0x0) returned 1 [0028.022] CloseHandle (hObject=0x50) returned 1 [0028.022] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f34b8 [0028.022] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.adv")) returned 1 [0028.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0028.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0028.023] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0028.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0028.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0028.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0028.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.024] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x427, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x427, lpOverlapped=0x0) returned 1 [0028.025] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.025] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x427, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x427, lpOverlapped=0x0) returned 1 [0028.025] CloseHandle (hObject=0x50) returned 1 [0028.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f34b8 [0028.025] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.adv")) returned 1 [0028.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0028.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0028.026] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0028.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0028.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0028.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0028.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.027] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x249, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x249, lpOverlapped=0x0) returned 1 [0028.028] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.028] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x249, lpOverlapped=0x0) returned 1 [0028.028] CloseHandle (hObject=0x50) returned 1 [0028.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f34b8 [0028.029] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.adv")) returned 1 [0028.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0028.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0028.029] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0028.029] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a0 [0028.029] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3378 [0028.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a0 | out: hHeap=0x6d0000) returned 1 [0028.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.030] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x437, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x437, lpOverlapped=0x0) returned 1 [0028.031] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.031] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x437, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x437, lpOverlapped=0x0) returned 1 [0028.031] CloseHandle (hObject=0x50) returned 1 [0028.031] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f34b8 [0028.031] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.adv")) returned 1 [0028.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34b8 | out: hHeap=0x6d0000) returned 1 [0028.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3378 | out: hHeap=0x6d0000) returned 1 [0028.032] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x1d2dd9c, dwReserved1=0x2ca96f80, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 0 [0028.032] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0028.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31c8 | out: hHeap=0x6d0000) returned 1 [0028.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30b8 | out: hHeap=0x6d0000) returned 1 [0028.032] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="00010C6E", cAlternateFileName="")) returned 0 [0028.032] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1fa0 | out: hHeap=0x6d0000) returned 1 [0028.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e30 | out: hHeap=0x6d0000) returned 1 [0028.032] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x594, cFileName="en-US", cAlternateFileName="")) returned 0 [0028.032] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0028.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0028.032] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 1 [0028.032] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0bf8 [0028.032] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0c90 [0028.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0bf8 | out: hHeap=0x6d0000) returned 1 [0028.032] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0d70 [0028.032] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x594, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.033] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x594, cFileName="..", cAlternateFileName="")) returned 1 [0028.033] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x594, cFileName="..", cAlternateFileName="")) returned 0 [0028.033] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d70 | out: hHeap=0x6d0000) returned 1 [0028.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c90 | out: hHeap=0x6d0000) returned 1 [0028.033] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 0 [0028.033] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0028.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0028.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0028.033] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Office", cAlternateFileName="")) returned 1 [0028.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0028.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0028.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0028.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0028.033] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0028.034] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0028.034] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="14.0", cAlternateFileName="")) returned 1 [0028.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.034] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.035] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="..", cAlternateFileName="")) returned 1 [0028.035] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="OfficeFileCache", cAlternateFileName="OFFICE~1")) returned 1 [0028.035] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.035] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.035] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.035] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1f50 [0028.035] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xf7a855a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.035] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xf7a855a0, cFileName="..", cAlternateFileName="")) returned 1 [0028.035] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7aab700, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7aab700, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x1d2dda4, dwReserved1=0xf7a855a0, cFileName="FSD-CNRY.FSD", cAlternateFileName="")) returned 1 [0028.035] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f3010 [0028.035] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f30c8 [0028.035] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3010 | out: hHeap=0x6d0000) returned 1 [0028.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0028.036] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x20000, lpOverlapped=0x0) returned 1 [0028.038] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.039] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x20000, lpOverlapped=0x0) returned 1 [0028.039] CloseHandle (hObject=0x4c) returned 1 [0028.039] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f31d8 [0028.039] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd.adv")) returned 1 [0028.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d8 | out: hHeap=0x6d0000) returned 1 [0028.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30c8 | out: hHeap=0x6d0000) returned 1 [0028.041] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x1d2dda4, dwReserved1=0xf7a855a0, cFileName="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", cAlternateFileName="FSD-{4~1.FSD")) returned 1 [0028.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f3010 [0028.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f30c8 [0028.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3010 | out: hHeap=0x6d0000) returned 1 [0028.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0028.042] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x20000, lpOverlapped=0x0) returned 1 [0028.044] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.044] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x20000, lpOverlapped=0x0) returned 1 [0028.045] CloseHandle (hObject=0x4c) returned 1 [0028.045] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f31e0 [0028.045] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd.adv")) returned 1 [0028.045] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31e0 | out: hHeap=0x6d0000) returned 1 [0028.045] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30c8 | out: hHeap=0x6d0000) returned 1 [0028.045] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x72, dwReserved0=0x1d2dda4, dwReserved1=0xf7a855a0, cFileName="FSF-CTBL.FSF", cAlternateFileName="")) returned 1 [0028.045] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f3010 [0028.045] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f30c8 [0028.045] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3010 | out: hHeap=0x6d0000) returned 1 [0028.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0028.046] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x72, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x72, lpOverlapped=0x0) returned 1 [0028.047] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.047] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x72, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x72, lpOverlapped=0x0) returned 1 [0028.047] CloseHandle (hObject=0x4c) returned 1 [0028.047] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f31d8 [0028.047] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf.adv")) returned 1 [0028.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d8 | out: hHeap=0x6d0000) returned 1 [0028.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30c8 | out: hHeap=0x6d0000) returned 1 [0028.048] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x72, dwReserved0=0x1d2dda4, dwReserved1=0xf7a855a0, cFileName="FSF-CTBL.FSF", cAlternateFileName="")) returned 0 [0028.048] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.048] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="OfficeFileCache", cAlternateFileName="OFFICE~1")) returned 0 [0028.048] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.048] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Groove", cAlternateFileName="")) returned 1 [0028.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.048] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.048] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="..", cAlternateFileName="")) returned 1 [0028.048] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="System", cAlternateFileName="")) returned 1 [0028.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1f50 [0028.048] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4f780d90, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.049] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4f780d90, cFileName="..", cAlternateFileName="")) returned 1 [0028.049] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4f780d90, cFileName="..", cAlternateFileName="")) returned 0 [0028.049] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.049] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="User", cAlternateFileName="")) returned 1 [0028.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1f50 [0028.049] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4f780d90, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.049] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4f780d90, cFileName="..", cAlternateFileName="")) returned 1 [0028.049] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4f780d90, cFileName="..", cAlternateFileName="")) returned 0 [0028.049] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.049] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="User", cAlternateFileName="")) returned 0 [0028.049] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.049] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="ONetConfig", cAlternateFileName="ONETCO~1")) returned 1 [0028.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0dd0 [0028.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.049] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.050] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="..", cAlternateFileName="")) returned 1 [0028.050] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x80, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="350db95df4cbd94b2a1c300510e12e11.sig", cAlternateFileName="350DB9~1.SIG")) returned 1 [0028.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.050] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f1f98 [0028.050] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.051] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x80, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x80, lpOverlapped=0x0) returned 1 [0028.052] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.052] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x80, lpOverlapped=0x0) returned 1 [0028.052] CloseHandle (hObject=0x48) returned 1 [0028.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f20e0 [0028.053] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig.adv")) returned 1 [0028.053] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20e0 | out: hHeap=0x6d0000) returned 1 [0028.053] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f98 | out: hHeap=0x6d0000) returned 1 [0028.053] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x7ef, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="350db95df4cbd94b2a1c300510e12e11.xml", cAlternateFileName="350DB9~1.XML")) returned 1 [0028.053] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.053] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.053] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.053] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f1f98 [0028.053] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.053] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7ef, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7ef, lpOverlapped=0x0) returned 1 [0028.055] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.055] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7ef, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7ef, lpOverlapped=0x0) returned 1 [0028.055] CloseHandle (hObject=0x48) returned 1 [0028.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f20e0 [0028.055] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml.adv")) returned 1 [0028.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20e0 | out: hHeap=0x6d0000) returned 1 [0028.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f98 | out: hHeap=0x6d0000) returned 1 [0028.056] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x7ef, dwReserved0=0x1d2dda2, dwReserved1=0x4bb72310, cFileName="350db95df4cbd94b2a1c300510e12e11.xml", cAlternateFileName="350DB9~1.XML")) returned 0 [0028.056] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.056] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0dd0 | out: hHeap=0x6d0000) returned 1 [0028.056] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.056] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="ONetConfig", cAlternateFileName="ONETCO~1")) returned 0 [0028.056] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0028.056] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0028.056] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0028.056] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Outlook", cAlternateFileName="")) returned 1 [0028.056] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0028.056] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0028.056] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0028.056] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0028.056] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0028.056] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0028.056] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3dc8cc40, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3dc8cc40, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3dc8cc40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="mapisvc.inf", cAlternateFileName="")) returned 1 [0028.056] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.057] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.057] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0028.057] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x462, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x462, lpOverlapped=0x0) returned 1 [0028.058] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.058] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x462, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x462, lpOverlapped=0x0) returned 1 [0028.058] CloseHandle (hObject=0x44) returned 1 [0028.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d38 [0028.058] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf.adv")) returned 1 [0028.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.059] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5c4d2d00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4d2d00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4d2d00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xb9, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Outlook.sharing.xml.obi", cAlternateFileName="OUTLOO~1.OBI")) returned 1 [0028.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0028.059] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb9, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xb9, lpOverlapped=0x0) returned 1 [0028.060] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.060] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb9, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xb9, lpOverlapped=0x0) returned 1 [0028.060] CloseHandle (hObject=0x44) returned 1 [0028.060] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0d38 [0028.061] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi.adv")) returned 1 [0028.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.061] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 1 [0028.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0dd0 [0028.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.061] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x598, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.061] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x598, cFileName="..", cAlternateFileName="")) returned 1 [0028.061] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x60a26dc0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x598, cFileName="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0028.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f1f98 [0028.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.062] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x104, lpOverlapped=0x0) returned 1 [0028.063] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.063] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x104, lpOverlapped=0x0) returned 1 [0028.063] CloseHandle (hObject=0x48) returned 1 [0028.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f20e0 [0028.063] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat.adv")) returned 1 [0028.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f20e0 | out: hHeap=0x6d0000) returned 1 [0028.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f98 | out: hHeap=0x6d0000) returned 1 [0028.064] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x60a26dc0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x598, cFileName="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0028.064] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0dd0 | out: hHeap=0x6d0000) returned 1 [0028.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.064] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 0 [0028.064] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0028.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0028.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0028.064] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0028.064] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0028.064] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0028.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0028.064] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0028.064] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6efbe0 [0028.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0028.064] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0028.066] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0028.066] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 0 [0028.066] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0028.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbe0 | out: hHeap=0x6d0000) returned 1 [0028.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0028.066] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="TaskSchedulerConfig", cAlternateFileName="TASKSC~1")) returned 1 [0028.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0028.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0028.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0028.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efb58 [0028.066] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0028.066] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0028.066] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 0 [0028.067] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0028.067] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0028.067] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0028.067] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Visio", cAlternateFileName="")) returned 1 [0028.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0028.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0028.067] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0028.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0028.067] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0028.067] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0028.067] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5ef99320, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5efe55e0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x18ce0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="content14.dat", cAlternateFileName="CONTEN~1.DAT")) returned 1 [0028.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.068] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0028.068] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18ce0, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x18ce0, lpOverlapped=0x0) returned 1 [0028.071] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.071] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18ce0, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x18ce0, lpOverlapped=0x0) returned 1 [0028.071] CloseHandle (hObject=0x44) returned 1 [0028.071] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d38 [0028.071] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat.adv")) returned 1 [0028.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.072] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x976e3d80, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x976e3d80, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x5f055ac0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1f400, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="thumbs.dat", cAlternateFileName="")) returned 1 [0028.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0028.072] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f400, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x1f400, lpOverlapped=0x0) returned 1 [0028.075] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.075] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f400, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x1f400, lpOverlapped=0x0) returned 1 [0028.075] CloseHandle (hObject=0x44) returned 1 [0028.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d38 [0028.075] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat.adv")) returned 1 [0028.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.076] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x976e3d80, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x976e3d80, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x5f055ac0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1f400, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="thumbs.dat", cAlternateFileName="")) returned 0 [0028.076] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0028.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0028.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0028.076] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Windows", cAlternateFileName="")) returned 1 [0028.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0028.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0028.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0028.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6efb58 [0028.076] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0028.076] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0028.076] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x666948e0, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x666948e0, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x666948e0, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="1024", cAlternateFileName="")) returned 1 [0028.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.076] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1024\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x666948e0, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x666948e0, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x666948e0, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.077] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x666948e0, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x666948e0, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x666948e0, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0028.078] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x666948e0, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x666948e0, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x666948e0, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 0 [0028.078] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.078] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x34d50a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x34ef3970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="1033", cAlternateFileName="")) returned 1 [0028.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.078] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x34d50a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x34ef3970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.079] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x34d50a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x34ef3970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0028.079] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ef3970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8ecd4180, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x49098, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="StructuredQuerySchema.bin", cAlternateFileName="STRUCT~1.BIN")) returned 1 [0028.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.079] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x49098, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x49098, lpOverlapped=0x0) returned 1 [0028.084] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.084] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x49098, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x49098, lpOverlapped=0x0) returned 1 [0028.085] CloseHandle (hObject=0x48) returned 1 [0028.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f1f50 [0028.085] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin.adv")) returned 1 [0028.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.086] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ef3970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8ecd4180, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x49098, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="StructuredQuerySchema.bin", cAlternateFileName="STRUCT~1.BIN")) returned 0 [0028.086] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.086] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x926116d0, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x926116d0, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Burn", cAlternateFileName="")) returned 1 [0028.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.086] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x926116d0, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x926116d0, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.086] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x926116d0, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x926116d0, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0028.086] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Burn", cAlternateFileName="")) returned 1 [0028.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1e70 [0028.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1f08 [0028.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.086] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.087] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName="..", cAlternateFileName="")) returned 1 [0028.087] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1e70 [0028.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f2ff0 [0028.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0028.087] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xae, lpOverlapped=0x0) returned 1 [0028.088] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.088] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xae, lpOverlapped=0x0) returned 1 [0028.088] CloseHandle (hObject=0x4c) returned 1 [0028.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f30d0 [0028.088] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini.adv")) returned 1 [0028.089] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30d0 | out: hHeap=0x6d0000) returned 1 [0028.089] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2ff0 | out: hHeap=0x6d0000) returned 1 [0028.089] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0028.089] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.089] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f08 | out: hHeap=0x6d0000) returned 1 [0028.089] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.089] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3b9ee2a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f30c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Burn1", cAlternateFileName="")) returned 1 [0028.089] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.089] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.089] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.089] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1f50 [0028.089] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3b9ee2a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f30c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.090] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3b9ee2a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f30c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName="..", cAlternateFileName="")) returned 1 [0028.090] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3b9f09b0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f09b0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.090] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f3000 [0028.090] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f30a8 [0028.090] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3000 | out: hHeap=0x6d0000) returned 1 [0028.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0028.090] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xae, lpOverlapped=0x0) returned 1 [0028.091] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.091] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xae, lpOverlapped=0x0) returned 1 [0028.091] CloseHandle (hObject=0x4c) returned 1 [0028.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f31a0 [0028.091] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini.adv")) returned 1 [0028.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31a0 | out: hHeap=0x6d0000) returned 1 [0028.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30a8 | out: hHeap=0x6d0000) returned 1 [0028.092] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3b9f09b0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f09b0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0028.092] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.092] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x926116d0, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Burn2", cAlternateFileName="")) returned 1 [0028.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1f50 [0028.092] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x926116d0, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.093] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x926116d0, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName="..", cAlternateFileName="")) returned 1 [0028.093] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x92637830, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f3000 [0028.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f30a8 [0028.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3000 | out: hHeap=0x6d0000) returned 1 [0028.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0028.094] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xae, lpOverlapped=0x0) returned 1 [0028.095] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.095] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xae, lpOverlapped=0x0) returned 1 [0028.095] CloseHandle (hObject=0x4c) returned 1 [0028.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f31a0 [0028.096] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini.adv")) returned 1 [0028.096] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31a0 | out: hHeap=0x6d0000) returned 1 [0028.096] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30a8 | out: hHeap=0x6d0000) returned 1 [0028.096] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x92637830, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x926116d0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0028.096] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.096] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.096] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.096] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x926116d0, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Burn2", cAlternateFileName="")) returned 0 [0028.096] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.096] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.096] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.096] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x13d55540, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x13d55540, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Caches", cAlternateFileName="")) returned 1 [0028.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.096] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.096] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x13d55540, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x13d55540, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.097] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x13d55540, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x13d55540, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0028.097] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa1c6ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa1c6ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaa1c6ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="cversions.1.db", cAlternateFileName="CVERSI~1.DB")) returned 1 [0028.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.097] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0028.098] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.098] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0028.098] CloseHandle (hObject=0x48) returned 1 [0028.098] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1f50 [0028.098] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db.adv")) returned 1 [0028.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.099] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x408bd0, ftCreationTime.dwHighDateTime=0x1d3b051, ftLastAccessTime.dwLowDateTime=0x408bd0, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x408bd0, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x18388, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", cAlternateFileName="{AFBF9~3.DB")) returned 1 [0028.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f1e70 [0028.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.100] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18388, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18388, lpOverlapped=0x0) returned 1 [0028.110] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.110] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18388, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18388, lpOverlapped=0x0) returned 1 [0028.110] CloseHandle (hObject=0x48) returned 1 [0028.110] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f88 [0028.110] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db.adv")) returned 1 [0028.111] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f88 | out: hHeap=0x6d0000) returned 1 [0028.111] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.111] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x13d2f3e0, ftCreationTime.dwHighDateTime=0x1d3b051, ftLastAccessTime.dwLowDateTime=0x13d2f3e0, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x13d2f3e0, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x1ea08, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db", cAlternateFileName="{AFBF9~1.DB")) returned 1 [0028.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f1e70 [0028.111] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.112] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1ea08, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1ea08, lpOverlapped=0x0) returned 1 [0028.114] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.114] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1ea08, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1ea08, lpOverlapped=0x0) returned 1 [0028.115] CloseHandle (hObject=0x48) returned 1 [0028.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f1f88 [0028.123] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db.adv")) returned 1 [0028.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f88 | out: hHeap=0x6d0000) returned 1 [0028.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.123] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x13d2f3e0, ftCreationTime.dwHighDateTime=0x1d3b051, ftLastAccessTime.dwLowDateTime=0x13d2f3e0, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x13d2f3e0, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x1ea08, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db", cAlternateFileName="{AFBF9~1.DB")) returned 0 [0028.124] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.124] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.124] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.124] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Explorer", cAlternateFileName="")) returned 1 [0028.124] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.124] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.124] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.124] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.124] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0dd0 [0028.124] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.124] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.124] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0028.124] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x30db3250, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="ExplorerStartupLog.etl", cAlternateFileName="EXPLOR~2.ETL")) returned 1 [0028.124] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.124] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.124] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.125] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6000, lpOverlapped=0x0) returned 1 [0028.126] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.126] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6000, lpOverlapped=0x0) returned 1 [0028.127] CloseHandle (hObject=0x48) returned 1 [0028.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f1f98 [0028.127] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl.adv")) returned 1 [0028.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f98 | out: hHeap=0x6d0000) returned 1 [0028.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.127] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x54aad4c0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="ExplorerStartupLog_RunOnce.etl", cAlternateFileName="EXPLOR~1.ETL")) returned 1 [0028.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.128] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.128] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.128] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0028.130] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.130] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0028.130] CloseHandle (hObject=0x48) returned 1 [0028.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f1f98 [0028.130] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl.adv")) returned 1 [0028.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f98 | out: hHeap=0x6d0000) returned 1 [0028.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.131] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="thumbcache_1024.db", cAlternateFileName="TH78CB~1.DB")) returned 1 [0028.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0028.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.131] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="thumbcache_256.db", cAlternateFileName="THUMBC~4.DB")) returned 1 [0028.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0028.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.131] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33ad1360, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33ad1360, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33ad1360, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="thumbcache_32.db", cAlternateFileName="THUMBC~2.DB")) returned 1 [0028.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0028.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.132] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33ad1360, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33ad1360, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33ad1360, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="thumbcache_96.db", cAlternateFileName="THUMBC~3.DB")) returned 1 [0028.132] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.132] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0028.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.132] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33ad1360, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33ad1360, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33ad1360, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0xcb8, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="thumbcache_idx.db", cAlternateFileName="THUMBC~1.DB")) returned 1 [0028.132] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.132] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0028.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.132] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="thumbcache_sr.db", cAlternateFileName="TH0F82~1.DB")) returned 1 [0028.132] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.132] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1eb8 [0028.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0028.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1eb8 | out: hHeap=0x6d0000) returned 1 [0028.132] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="thumbcache_sr.db", cAlternateFileName="TH0F82~1.DB")) returned 0 [0028.133] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0dd0 | out: hHeap=0x6d0000) returned 1 [0028.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.133] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="GameExplorer", cAlternateFileName="GAMEEX~1")) returned 1 [0028.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0d38 [0028.133] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.133] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0028.133] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 0 [0028.133] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.133] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="History", cAlternateFileName="")) returned 1 [0028.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.133] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.134] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0028.134] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.134] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x91, lpOverlapped=0x0) returned 1 [0028.135] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.135] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x91, lpOverlapped=0x0) returned 1 [0028.135] CloseHandle (hObject=0x48) returned 1 [0028.135] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1f50 [0028.135] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini.adv")) returned 1 [0028.135] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.135] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.135] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa1c7d410, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa1c7d410, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="History.IE5", cAlternateFileName="")) returned 1 [0028.135] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.135] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.135] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.135] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f1f50 [0028.135] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa1c7d410, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa1c7d410, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x358, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.136] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa1c7d410, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa1c7d410, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x358, cFileName="..", cAlternateFileName="")) returned 1 [0028.136] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0x358, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.136] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f3010 [0028.136] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f30c8 [0028.136] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3010 | out: hHeap=0x6d0000) returned 1 [0028.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0028.136] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x91, lpOverlapped=0x0) returned 1 [0028.137] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.137] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x91, lpOverlapped=0x0) returned 1 [0028.137] CloseHandle (hObject=0x4c) returned 1 [0028.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f31d8 [0028.137] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini.adv")) returned 1 [0028.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d8 | out: hHeap=0x6d0000) returned 1 [0028.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30c8 | out: hHeap=0x6d0000) returned 1 [0028.138] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x54361220, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x358, cFileName="index.dat", cAlternateFileName="")) returned 1 [0028.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f3010 [0028.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f30c8 [0028.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3010 | out: hHeap=0x6d0000) returned 1 [0028.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0028.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30c8 | out: hHeap=0x6d0000) returned 1 [0028.138] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xa1c7d410, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa1c7d410, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa1c7d410, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x358, cFileName="MSHist012020010820200109", cAlternateFileName="MSHIST~1")) returned 1 [0028.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f3010 [0028.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f30c8 [0028.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3010 | out: hHeap=0x6d0000) returned 1 [0028.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f31d8 [0028.138] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020010820200109\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xa1c7d410, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa1c7d410, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa1c7d410, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2e0079, dwReserved1=0x450049, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0028.138] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xa1c7d410, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa1c7d410, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa1c7d410, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2e0079, dwReserved1=0x450049, cFileName="..", cAlternateFileName="")) returned 1 [0028.138] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xa1c7d410, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa1c7d410, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x54361220, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x2e0079, dwReserved1=0x450049, cFileName="index.dat", cAlternateFileName="")) returned 1 [0028.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f32c0 [0028.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f33a8 [0028.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32c0 | out: hHeap=0x6d0000) returned 1 [0028.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020010820200109\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012020010820200109\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0028.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f33a8 | out: hHeap=0x6d0000) returned 1 [0028.139] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xa1c7d410, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa1c7d410, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x54361220, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x2e0079, dwReserved1=0x450049, cFileName="index.dat", cAlternateFileName="")) returned 0 [0028.139] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0028.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d8 | out: hHeap=0x6d0000) returned 1 [0028.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30c8 | out: hHeap=0x6d0000) returned 1 [0028.139] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xa1c7d410, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa1c7d410, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa1c7d410, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x358, cFileName="MSHist012020010820200109", cAlternateFileName="MSHIST~1")) returned 0 [0028.139] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.139] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Low", cAlternateFileName="")) returned 1 [0028.139] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f1dd8 [0028.139] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f1e70 [0028.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1dd8 | out: hHeap=0x6d0000) returned 1 [0028.139] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f1f50 [0028.139] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x358, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.139] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x358, cFileName="..", cAlternateFileName="")) returned 1 [0028.139] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0x358, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.139] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f3000 [0028.139] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f30a8 [0028.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3000 | out: hHeap=0x6d0000) returned 1 [0028.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0028.143] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x91, lpOverlapped=0x0) returned 1 [0028.143] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.143] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x91, lpOverlapped=0x0) returned 1 [0028.144] CloseHandle (hObject=0x4c) returned 1 [0028.144] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f31a0 [0028.144] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini.adv")) returned 1 [0028.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31a0 | out: hHeap=0x6d0000) returned 1 [0028.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30a8 | out: hHeap=0x6d0000) returned 1 [0028.144] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x358, cFileName="History.IE5", cAlternateFileName="")) returned 1 [0028.144] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f3000 [0028.144] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f30a8 [0028.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3000 | out: hHeap=0x6d0000) returned 1 [0028.144] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f31a0 [0028.144] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10b, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0028.145] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10b, cFileName="..", cAlternateFileName="")) returned 1 [0028.145] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0x10b, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f3258 [0028.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f3310 [0028.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3258 | out: hHeap=0x6d0000) returned 1 [0028.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.145] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x91, lpOverlapped=0x0) returned 1 [0028.146] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.146] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x91, lpOverlapped=0x0) returned 1 [0028.146] CloseHandle (hObject=0x50) returned 1 [0028.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f3420 [0028.146] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini.adv")) returned 1 [0028.147] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3420 | out: hHeap=0x6d0000) returned 1 [0028.147] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0028.147] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f0b6db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0b6db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x432daef0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x10b, cFileName="index.dat", cAlternateFileName="")) returned 1 [0028.147] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f3258 [0028.147] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f3310 [0028.147] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3258 | out: hHeap=0x6d0000) returned 1 [0028.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.147] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x8000, lpOverlapped=0x0) returned 1 [0028.149] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.149] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x8000, lpOverlapped=0x0) returned 1 [0028.149] CloseHandle (hObject=0x50) returned 1 [0028.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f3420 [0028.149] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat.adv")) returned 1 [0028.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3420 | out: hHeap=0x6d0000) returned 1 [0028.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0028.152] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10b, cFileName="MSHist012017071220170713", cAlternateFileName="MSHIST~1")) returned 1 [0028.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f3258 [0028.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f3310 [0028.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3258 | out: hHeap=0x6d0000) returned 1 [0028.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3420 [0028.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3508 [0028.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3420 | out: hHeap=0x6d0000) returned 1 [0028.152] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb7, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0028.152] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb7, cFileName="..", cAlternateFileName="")) returned 1 [0028.152] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0xb7, cFileName="index.dat", cAlternateFileName="")) returned 1 [0028.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3420 [0028.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3660 [0028.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3420 | out: hHeap=0x6d0000) returned 1 [0028.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.153] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x8000, lpOverlapped=0x0) returned 1 [0028.155] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.155] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x8000, lpOverlapped=0x0) returned 1 [0028.155] CloseHandle (hObject=0x54) returned 1 [0028.155] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f37b8 [0028.155] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat.adv")) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f37b8 | out: hHeap=0x6d0000) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3660 | out: hHeap=0x6d0000) returned 1 [0028.156] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0xb7, cFileName="index.dat", cAlternateFileName="")) returned 0 [0028.156] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3508 | out: hHeap=0x6d0000) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0028.156] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10b, cFileName="MSHist012017071220170713", cAlternateFileName="MSHIST~1")) returned 0 [0028.156] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31a0 | out: hHeap=0x6d0000) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30a8 | out: hHeap=0x6d0000) returned 1 [0028.156] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x358, cFileName="History.IE5", cAlternateFileName="")) returned 0 [0028.156] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f50 | out: hHeap=0x6d0000) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1e70 | out: hHeap=0x6d0000) returned 1 [0028.156] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Low", cAlternateFileName="")) returned 0 [0028.156] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.156] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Ringtones", cAlternateFileName="RINGTO~1")) returned 1 [0028.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0d38 [0028.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0dd0 [0028.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.156] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.157] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0028.157] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 0 [0028.157] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0028.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0dd0 | out: hHeap=0x6d0000) returned 1 [0028.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0028.157] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe7138400, ftLastAccessTime.dwHighDateTime=0x1d2e625, ftLastWriteTime.dwLowDateTime=0xe7138400, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0028.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0be8 [0028.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0c70 [0028.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0be8 | out: hHeap=0x6d0000) returned 1 [0028.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d38 [0028.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0df0 [0028.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe7138400, ftLastAccessTime.dwHighDateTime=0x1d2e625, ftLastWriteTime.dwLowDateTime=0xe7138400, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0028.157] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe7138400, ftLastAccessTime.dwHighDateTime=0x1d2e625, ftLastWriteTime.dwLowDateTime=0xe7138400, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0028.157] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0028.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d38 [0028.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f08 [0028.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f2018 [0028.158] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.158] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="..", cAlternateFileName="")) returned 1 [0028.158] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e570c75, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f30f8 [0028.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f31d0 [0028.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30f8 | out: hHeap=0x6d0000) returned 1 [0028.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0028.158] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0028.160] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.160] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0028.160] CloseHandle (hObject=0x4c) returned 1 [0028.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f3310 [0028.160] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini.adv")) returned 1 [0028.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0028.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d0 | out: hHeap=0x6d0000) returned 1 [0028.161] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2ff9890, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="index.dat", cAlternateFileName="")) returned 1 [0028.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f30f8 [0028.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f31d0 [0028.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30f8 | out: hHeap=0x6d0000) returned 1 [0028.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0028.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d0 | out: hHeap=0x6d0000) returned 1 [0028.161] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0028.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f30f8 [0028.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f31d0 [0028.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30f8 | out: hHeap=0x6d0000) returned 1 [0028.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3310 [0028.161] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0028.163] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="..", cAlternateFileName="")) returned 1 [0028.163] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.163] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f33f8 [0028.163] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f34e0 [0028.163] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f33f8 | out: hHeap=0x6d0000) returned 1 [0028.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.163] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0028.164] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.164] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0028.164] CloseHandle (hObject=0x50) returned 1 [0028.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f3638 [0028.165] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.adv")) returned 1 [0028.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3638 | out: hHeap=0x6d0000) returned 1 [0028.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34e0 | out: hHeap=0x6d0000) returned 1 [0028.165] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0028.165] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0028.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0028.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d0 | out: hHeap=0x6d0000) returned 1 [0028.165] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="PMMR5K9K", cAlternateFileName="")) returned 1 [0028.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f30f8 [0028.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f31d0 [0028.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30f8 | out: hHeap=0x6d0000) returned 1 [0028.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3310 [0028.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0028.167] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="..", cAlternateFileName="")) returned 1 [0028.167] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f33f8 [0028.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f34e0 [0028.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f33f8 | out: hHeap=0x6d0000) returned 1 [0028.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.168] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0028.169] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.169] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0028.169] CloseHandle (hObject=0x50) returned 1 [0028.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f3638 [0028.169] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.adv")) returned 1 [0028.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3638 | out: hHeap=0x6d0000) returned 1 [0028.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34e0 | out: hHeap=0x6d0000) returned 1 [0028.169] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0028.170] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0028.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0028.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d0 | out: hHeap=0x6d0000) returned 1 [0028.170] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="RIJUQL1C", cAlternateFileName="")) returned 1 [0028.170] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f30f8 [0028.170] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f31d0 [0028.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30f8 | out: hHeap=0x6d0000) returned 1 [0028.170] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3310 [0028.170] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0028.172] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="..", cAlternateFileName="")) returned 1 [0028.172] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f33f8 [0028.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f34e0 [0028.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f33f8 | out: hHeap=0x6d0000) returned 1 [0028.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.172] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0028.173] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.173] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0028.173] CloseHandle (hObject=0x50) returned 1 [0028.173] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f3638 [0028.173] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.adv")) returned 1 [0028.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3638 | out: hHeap=0x6d0000) returned 1 [0028.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34e0 | out: hHeap=0x6d0000) returned 1 [0028.174] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0028.174] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0028.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0028.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d0 | out: hHeap=0x6d0000) returned 1 [0028.174] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="X9OHK109", cAlternateFileName="")) returned 1 [0028.174] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f30f8 [0028.174] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f31d0 [0028.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30f8 | out: hHeap=0x6d0000) returned 1 [0028.174] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3310 [0028.174] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0028.188] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="..", cAlternateFileName="")) returned 1 [0028.188] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.188] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f33f8 [0028.188] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f34e0 [0028.188] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f33f8 | out: hHeap=0x6d0000) returned 1 [0028.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.188] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0028.189] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.189] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0028.189] CloseHandle (hObject=0x50) returned 1 [0028.189] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f3638 [0028.189] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.adv")) returned 1 [0028.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3638 | out: hHeap=0x6d0000) returned 1 [0028.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34e0 | out: hHeap=0x6d0000) returned 1 [0028.190] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x6e0072, dwReserved1=0x740065, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0028.190] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0028.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3310 | out: hHeap=0x6d0000) returned 1 [0028.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d0 | out: hHeap=0x6d0000) returned 1 [0028.190] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="X9OHK109", cAlternateFileName="")) returned 0 [0028.190] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2018 | out: hHeap=0x6d0000) returned 1 [0028.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f08 | out: hHeap=0x6d0000) returned 1 [0028.190] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2dbf3370, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x2dbf3370, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Content.MSO", cAlternateFileName="")) returned 1 [0028.190] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d38 [0028.190] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f08 [0028.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.190] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f2018 [0028.190] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.MSO\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2dbf3370, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x2dbf3370, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.191] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2dbf3370, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x2dbf3370, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="..", cAlternateFileName="")) returned 1 [0028.191] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2dbf3370, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x2dbf3370, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="..", cAlternateFileName="")) returned 0 [0028.191] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.191] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2018 | out: hHeap=0x6d0000) returned 1 [0028.191] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f08 | out: hHeap=0x6d0000) returned 1 [0028.191] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x27b4c650, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27b4c650, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Content.Word", cAlternateFileName="CONTEN~1.WOR")) returned 1 [0028.191] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d38 [0028.191] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f08 [0028.191] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.192] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f2018 [0028.192] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x27b4c650, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x32c0a7d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.192] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x27b4c650, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x32c0a7d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="..", cAlternateFileName="")) returned 1 [0028.192] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x27b4c650, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x32c0a7d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xe7138400, cFileName="..", cAlternateFileName="")) returned 0 [0028.192] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0028.192] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2018 | out: hHeap=0x6d0000) returned 1 [0028.192] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f08 | out: hHeap=0x6d0000) returned 1 [0028.192] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe710360, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.192] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d38 [0028.192] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0028.193] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0028.194] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.194] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0028.194] CloseHandle (hObject=0x48) returned 1 [0028.194] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini.adv")) returned 1 [0028.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2018 | out: hHeap=0x6d0000) returned 1 [0028.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f08 | out: hHeap=0x6d0000) returned 1 [0028.195] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Low", cAlternateFileName="")) returned 1 [0028.195] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d38 [0028.195] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f08 [0028.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0028.195] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f2018 [0028.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x337, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0028.196] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x337, cFileName="..", cAlternateFileName="")) returned 1 [0028.196] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x337, cFileName="AntiPhishing", cAlternateFileName="ANTIPH~1")) returned 1 [0028.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f30e8 [0028.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6f31b0 [0028.196] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30e8 | out: hHeap=0x6d0000) returned 1 [0028.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32d8 [0028.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f33b0 [0028.196] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0028.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0028.196] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="..", cAlternateFileName="")) returned 1 [0028.196] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x47f94, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat", cAlternateFileName="2CEDBF~1.DAT")) returned 1 [0028.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32d8 [0028.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f34f0 [0028.196] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0028.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0028.196] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x47f94, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x47f94, lpOverlapped=0x0) returned 1 [0028.214] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.215] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x47f94, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x47f94, lpOverlapped=0x0) returned 1 [0028.215] CloseHandle (hObject=0x50) returned 1 [0028.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f3630 [0028.215] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat.adv")) returned 1 [0028.216] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.216] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34f0 | out: hHeap=0x6d0000) returned 1 [0028.216] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x47f94, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat", cAlternateFileName="2CEDBF~1.DAT")) returned 0 [0028.216] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0028.216] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f33b0 | out: hHeap=0x6d0000) returned 1 [0028.216] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31b0 | out: hHeap=0x6d0000) returned 1 [0028.216] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x337, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0028.216] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f30e8 [0028.216] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6f31b0 [0028.216] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30e8 | out: hHeap=0x6d0000) returned 1 [0028.216] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32d8 [0028.216] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f33b0 [0028.216] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0028.216] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0028.217] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="..", cAlternateFileName="")) returned 1 [0028.217] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5137ebf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x5137ebf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="9QH4S0GZ", cAlternateFileName="")) returned 1 [0028.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32d8 [0028.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f34f0 [0028.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0028.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3718 [0028.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.217] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5137ebf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x5137ebf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0028.287] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5137ebf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x5137ebf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="..", cAlternateFileName="")) returned 1 [0028.461] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdbb73b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdbb73b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdc03670, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x39d41, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="28-8f3193-f30905ea[1]", cAlternateFileName="28-8F3~1")) returned 1 [0028.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.461] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.462] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x39d41, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x39d41, lpOverlapped=0x0) returned 1 [0028.474] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.474] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x39d41, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x39d41, lpOverlapped=0x0) returned 1 [0028.474] CloseHandle (hObject=0x54) returned 1 [0028.475] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0028.475] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1].adv")) returned 1 [0028.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.475] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x551dcf90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x551dcf90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5529b670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ecb, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="528d82a2[1].js", cAlternateFileName="528D82~1.JS")) returned 1 [0028.475] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.475] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.476] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2ecb, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2ecb, lpOverlapped=0x0) returned 1 [0028.478] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.478] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2ecb, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2ecb, lpOverlapped=0x0) returned 1 [0028.478] CloseHandle (hObject=0x54) returned 1 [0028.478] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.478] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js.adv")) returned 1 [0028.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.479] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454c4930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x135, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA3e3XC[2].png", cAlternateFileName="AA3E3X~2.PNG")) returned 1 [0028.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.481] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x135, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x135, lpOverlapped=0x0) returned 1 [0028.482] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.482] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x135, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x135, lpOverlapped=0x0) returned 1 [0028.482] CloseHandle (hObject=0x54) returned 1 [0028.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.482] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png.adv")) returned 1 [0028.483] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.483] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.483] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA3vOVA[1].png", cAlternateFileName="AA3VOV~1.PNG")) returned 1 [0028.483] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.483] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.483] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.484] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x28e, lpOverlapped=0x0) returned 1 [0028.485] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.485] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x28e, lpOverlapped=0x0) returned 1 [0028.486] CloseHandle (hObject=0x54) returned 1 [0028.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.486] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png.adv")) returned 1 [0028.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.486] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1cd, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA42EP9[1].png", cAlternateFileName="AA42EP~1.PNG")) returned 1 [0028.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.487] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cd, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1cd, lpOverlapped=0x0) returned 1 [0028.488] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.488] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cd, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1cd, lpOverlapped=0x0) returned 1 [0028.488] CloseHandle (hObject=0x54) returned 1 [0028.488] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.488] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png.adv")) returned 1 [0028.489] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.489] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.489] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514ddbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x514ddbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x514ddbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA54rQj[1].png", cAlternateFileName="AA54RQ~1.PNG")) returned 1 [0028.489] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.489] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.489] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.489] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x191, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x191, lpOverlapped=0x0) returned 1 [0028.491] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.491] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x191, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x191, lpOverlapped=0x0) returned 1 [0028.491] CloseHandle (hObject=0x54) returned 1 [0028.491] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.491] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png.adv")) returned 1 [0028.492] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.492] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.492] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19d, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA61yi9[1].png", cAlternateFileName="AA61YI~1.PNG")) returned 1 [0028.492] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.492] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.492] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.493] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x19d, lpOverlapped=0x0) returned 1 [0028.494] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.494] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x19d, lpOverlapped=0x0) returned 1 [0028.494] CloseHandle (hObject=0x54) returned 1 [0028.495] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.495] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png.adv")) returned 1 [0028.495] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.495] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.495] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fa5350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c8, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA8uCo4[1].png", cAlternateFileName="AA8UCO~1.PNG")) returned 1 [0028.495] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.495] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.495] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.496] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2c8, lpOverlapped=0x0) returned 1 [0028.498] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.498] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2c8, lpOverlapped=0x0) returned 1 [0028.498] CloseHandle (hObject=0x54) returned 1 [0028.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.498] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png.adv")) returned 1 [0028.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.498] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4593b270, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x342, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AAdAVrM[1].png", cAlternateFileName="AADAVR~1.PNG")) returned 1 [0028.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.499] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x342, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x342, lpOverlapped=0x0) returned 1 [0028.501] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.501] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x342, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x342, lpOverlapped=0x0) returned 1 [0028.501] CloseHandle (hObject=0x54) returned 1 [0028.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.501] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png.adv")) returned 1 [0028.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.502] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf4697f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf4697f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf4b5ab0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x21e7, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="adServer[1].htm", cAlternateFileName="ADSERV~1.HTM")) returned 1 [0028.502] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.502] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.503] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21e7, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x21e7, lpOverlapped=0x0) returned 1 [0028.504] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.504] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21e7, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x21e7, lpOverlapped=0x0) returned 1 [0028.505] CloseHandle (hObject=0x54) returned 1 [0028.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.505] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm.adv")) returned 1 [0028.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.505] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="advertisement.ad[1].js", cAlternateFileName="ADVERT~1.JS")) returned 1 [0028.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.506] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c, lpOverlapped=0x0) returned 1 [0028.508] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.508] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c, lpOverlapped=0x0) returned 1 [0028.508] CloseHandle (hObject=0x54) returned 1 [0028.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0028.508] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js.adv")) returned 1 [0028.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.508] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x545d0030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545d0030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x545d0030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="async_usersync[1]", cAlternateFileName="ASYNC_~1")) returned 1 [0028.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.509] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x40b, lpOverlapped=0x0) returned 1 [0028.510] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.510] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x40b, lpOverlapped=0x0) returned 1 [0028.510] CloseHandle (hObject=0x54) returned 1 [0028.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.510] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1].adv")) returned 1 [0028.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.511] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe9ff7b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe9ff7b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9ff7b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x534, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="async_usersync[2]", cAlternateFileName="ASYNC_~2")) returned 1 [0028.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.513] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x534, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x534, lpOverlapped=0x0) returned 1 [0028.515] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.515] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x534, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x534, lpOverlapped=0x0) returned 1 [0028.515] CloseHandle (hObject=0x54) returned 1 [0028.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.515] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2].adv")) returned 1 [0028.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.515] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe9ff7b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe9ff7b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9ff7b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x532, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="async_usersync[3]", cAlternateFileName="ASYNC_~3")) returned 1 [0028.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.516] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x532, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x532, lpOverlapped=0x0) returned 1 [0028.518] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.518] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x532, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x532, lpOverlapped=0x0) returned 1 [0028.518] CloseHandle (hObject=0x54) returned 1 [0028.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.518] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3].adv")) returned 1 [0028.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.519] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454c4930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1d0, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BB1CcOi[1].png", cAlternateFileName="BB1CCO~1.PNG")) returned 1 [0028.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.519] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1d0, lpOverlapped=0x0) returned 1 [0028.521] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.521] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1d0, lpOverlapped=0x0) returned 1 [0028.521] CloseHandle (hObject=0x54) returned 1 [0028.521] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.521] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png.adv")) returned 1 [0028.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.522] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BB46JmN[1].png", cAlternateFileName="BB46JM~1.PNG")) returned 1 [0028.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.523] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x310, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x310, lpOverlapped=0x0) returned 1 [0028.524] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.524] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x310, lpOverlapped=0x0) returned 1 [0028.525] CloseHandle (hObject=0x54) returned 1 [0028.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.525] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png.adv")) returned 1 [0028.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.525] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BB5kJAC[1].png", cAlternateFileName="BB5KJA~1.PNG")) returned 1 [0028.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.526] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x120, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x120, lpOverlapped=0x0) returned 1 [0028.528] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.528] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x120, lpOverlapped=0x0) returned 1 [0028.528] CloseHandle (hObject=0x54) returned 1 [0028.528] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.528] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png.adv")) returned 1 [0028.528] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.528] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.528] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53337450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BB5kTiV[1].png", cAlternateFileName="BB5KTI~1.PNG")) returned 1 [0028.528] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.528] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.528] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.529] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x121, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x121, lpOverlapped=0x0) returned 1 [0028.531] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.531] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x121, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x121, lpOverlapped=0x0) returned 1 [0028.531] CloseHandle (hObject=0x54) returned 1 [0028.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.531] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png.adv")) returned 1 [0028.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.532] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x18c, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BB6Ma4a[1].png", cAlternateFileName="BB6MA4~1.PNG")) returned 1 [0028.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.532] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x18c, lpOverlapped=0x0) returned 1 [0028.535] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.535] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x18c, lpOverlapped=0x0) returned 1 [0028.535] CloseHandle (hObject=0x54) returned 1 [0028.535] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.535] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png.adv")) returned 1 [0028.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.536] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x168, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BB74fLs[1].png", cAlternateFileName="BB74FL~1.PNG")) returned 1 [0028.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.537] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x168, lpOverlapped=0x0) returned 1 [0028.539] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.539] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x168, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x168, lpOverlapped=0x0) returned 1 [0028.539] CloseHandle (hObject=0x54) returned 1 [0028.539] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.539] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png.adv")) returned 1 [0028.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.542] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6421e580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6421e580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x642446e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x333f, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBIqq8[1].jpg", cAlternateFileName="BBBIQQ~1.JPG")) returned 1 [0028.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.543] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x333f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x333f, lpOverlapped=0x0) returned 1 [0028.544] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.544] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x333f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x333f, lpOverlapped=0x0) returned 1 [0028.544] CloseHandle (hObject=0x54) returned 1 [0028.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.545] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg.adv")) returned 1 [0028.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.545] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x90b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBL0ij[1].jpg", cAlternateFileName="BBBL0I~1.JPG")) returned 1 [0028.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.546] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x90b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x90b, lpOverlapped=0x0) returned 1 [0028.548] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.548] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x90b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x90b, lpOverlapped=0x0) returned 1 [0028.548] CloseHandle (hObject=0x54) returned 1 [0028.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.548] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg.adv")) returned 1 [0028.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.548] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53630fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53630fd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53657130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x994, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBLhZX[1].jpg", cAlternateFileName="BBBLHZ~1.JPG")) returned 1 [0028.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.549] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x994, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x994, lpOverlapped=0x0) returned 1 [0028.551] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.551] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x994, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x994, lpOverlapped=0x0) returned 1 [0028.551] CloseHandle (hObject=0x54) returned 1 [0028.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.551] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg.adv")) returned 1 [0028.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.552] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53467f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53467f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53467f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28b9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBNiEo[1].jpg", cAlternateFileName="BBBNIE~1.JPG")) returned 1 [0028.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.552] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28b9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x28b9, lpOverlapped=0x0) returned 1 [0028.554] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.554] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28b9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x28b9, lpOverlapped=0x0) returned 1 [0028.554] CloseHandle (hObject=0x54) returned 1 [0028.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.554] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg.adv")) returned 1 [0028.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.555] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b65ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b65ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53b8c150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x176d, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBO1mQ[1].jpg", cAlternateFileName="BBBO1M~1.JPG")) returned 1 [0028.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.556] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x176d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x176d, lpOverlapped=0x0) returned 1 [0028.557] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.557] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x176d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x176d, lpOverlapped=0x0) returned 1 [0028.557] CloseHandle (hObject=0x54) returned 1 [0028.557] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.557] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg.adv")) returned 1 [0028.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.558] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d18e120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d18e120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6d1b4280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6218, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBO3tl[1].jpg", cAlternateFileName="BBBO3T~1.JPG")) returned 1 [0028.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.558] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6218, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6218, lpOverlapped=0x0) returned 1 [0028.560] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.561] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6218, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6218, lpOverlapped=0x0) returned 1 [0028.561] CloseHandle (hObject=0x54) returned 1 [0028.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.561] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg.adv")) returned 1 [0028.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.561] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x75a, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBO8dQ[1].jpg", cAlternateFileName="BBBO8D~1.JPG")) returned 1 [0028.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.562] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x75a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x75a, lpOverlapped=0x0) returned 1 [0028.564] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.564] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x75a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x75a, lpOverlapped=0x0) returned 1 [0028.564] CloseHandle (hObject=0x54) returned 1 [0028.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.564] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg.adv")) returned 1 [0028.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.565] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x537add90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x537add90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x537add90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d89, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBOe7C[1].jpg", cAlternateFileName="BBBOE7~1.JPG")) returned 1 [0028.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.565] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d89, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2d89, lpOverlapped=0x0) returned 1 [0028.567] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.567] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d89, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2d89, lpOverlapped=0x0) returned 1 [0028.567] CloseHandle (hObject=0x54) returned 1 [0028.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.567] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg.adv")) returned 1 [0028.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.568] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.568] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5303d8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5303d8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5303d8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1e36, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBPThN[1].jpg", cAlternateFileName="BBBPTH~1.JPG")) returned 1 [0028.568] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.568] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.568] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.568] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1e36, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1e36, lpOverlapped=0x0) returned 1 [0028.570] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.570] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1e36, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1e36, lpOverlapped=0x0) returned 1 [0028.570] CloseHandle (hObject=0x54) returned 1 [0028.570] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.570] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg.adv")) returned 1 [0028.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.571] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1ee7, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBPUFJ[1].jpg", cAlternateFileName="BBBPUF~1.JPG")) returned 1 [0028.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.571] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1ee7, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1ee7, lpOverlapped=0x0) returned 1 [0028.573] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.573] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1ee7, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1ee7, lpOverlapped=0x0) returned 1 [0028.573] CloseHandle (hObject=0x54) returned 1 [0028.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.573] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg.adv")) returned 1 [0028.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.574] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x924, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBQxzx[1].jpg", cAlternateFileName="BBBQXZ~1.JPG")) returned 1 [0028.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.574] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x924, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x924, lpOverlapped=0x0) returned 1 [0028.576] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.576] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x924, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x924, lpOverlapped=0x0) returned 1 [0028.576] CloseHandle (hObject=0x54) returned 1 [0028.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.576] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg.adv")) returned 1 [0028.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.577] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1963, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBseMP[1].jpg", cAlternateFileName="BBBSEM~1.JPG")) returned 1 [0028.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.580] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1963, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1963, lpOverlapped=0x0) returned 1 [0028.581] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.581] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1963, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1963, lpOverlapped=0x0) returned 1 [0028.581] CloseHandle (hObject=0x54) returned 1 [0028.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.582] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg.adv")) returned 1 [0028.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.582] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53af3bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53af3bd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53af3bd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x16d6, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBsqNL[1].jpg", cAlternateFileName="BBBSQN~1.JPG")) returned 1 [0028.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.583] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16d6, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x16d6, lpOverlapped=0x0) returned 1 [0028.584] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.584] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16d6, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x16d6, lpOverlapped=0x0) returned 1 [0028.585] CloseHandle (hObject=0x54) returned 1 [0028.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.585] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg.adv")) returned 1 [0028.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.585] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7ae, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBTpvW[1].jpg", cAlternateFileName="BBBTPV~1.JPG")) returned 1 [0028.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.586] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7ae, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7ae, lpOverlapped=0x0) returned 1 [0028.587] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.587] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7ae, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7ae, lpOverlapped=0x0) returned 1 [0028.587] CloseHandle (hObject=0x54) returned 1 [0028.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.587] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg.adv")) returned 1 [0028.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.588] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x974, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBVEOW[1].jpg", cAlternateFileName="BBBVEO~1.JPG")) returned 1 [0028.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.588] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x974, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x974, lpOverlapped=0x0) returned 1 [0028.590] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.590] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x974, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x974, lpOverlapped=0x0) returned 1 [0028.590] CloseHandle (hObject=0x54) returned 1 [0028.590] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.590] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg.adv")) returned 1 [0028.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.590] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1e67, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBVGsM[1].jpg", cAlternateFileName="BBBVGS~1.JPG")) returned 1 [0028.590] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.590] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.591] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1e67, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1e67, lpOverlapped=0x0) returned 1 [0028.592] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.592] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1e67, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1e67, lpOverlapped=0x0) returned 1 [0028.593] CloseHandle (hObject=0x54) returned 1 [0028.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.593] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg.adv")) returned 1 [0028.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.593] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaa8, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBVIzI[1].jpg", cAlternateFileName="BBBVIZ~1.JPG")) returned 1 [0028.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.594] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaa8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xaa8, lpOverlapped=0x0) returned 1 [0028.596] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.596] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaa8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xaa8, lpOverlapped=0x0) returned 1 [0028.596] CloseHandle (hObject=0x54) returned 1 [0028.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.596] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg.adv")) returned 1 [0028.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.596] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f59090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f59090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f59090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x97a, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBVJ4r[1].jpg", cAlternateFileName="BBBVJ4~1.JPG")) returned 1 [0028.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.600] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x97a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x97a, lpOverlapped=0x0) returned 1 [0028.602] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.602] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x97a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x97a, lpOverlapped=0x0) returned 1 [0028.602] CloseHandle (hObject=0x54) returned 1 [0028.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.602] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg.adv")) returned 1 [0028.603] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.603] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.603] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5160e6d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5160e6d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5160e6d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7d8, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBVxM8[1].jpg", cAlternateFileName="BBBVXM~1.JPG")) returned 1 [0028.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.603] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.603] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7d8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7d8, lpOverlapped=0x0) returned 1 [0028.605] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.605] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7d8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7d8, lpOverlapped=0x0) returned 1 [0028.605] CloseHandle (hObject=0x54) returned 1 [0028.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.605] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg.adv")) returned 1 [0028.605] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538de890, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538de890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538de890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d7, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBz9wz[1].jpg", cAlternateFileName="BBBZ9W~1.JPG")) returned 1 [0028.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.606] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.606] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8d7, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x8d7, lpOverlapped=0x0) returned 1 [0028.607] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.607] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8d7, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x8d7, lpOverlapped=0x0) returned 1 [0028.608] CloseHandle (hObject=0x54) returned 1 [0028.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.608] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg.adv")) returned 1 [0028.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.608] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6421e580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6421e580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x642446e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24be, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBzxW1[1].jpg", cAlternateFileName="BBBZXW~1.JPG")) returned 1 [0028.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.609] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24be, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x24be, lpOverlapped=0x0) returned 1 [0028.610] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.610] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24be, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x24be, lpOverlapped=0x0) returned 1 [0028.610] CloseHandle (hObject=0x54) returned 1 [0028.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.611] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg.adv")) returned 1 [0028.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.611] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6125cc20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6125cc20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x33a8, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC06Ub[1].jpg", cAlternateFileName="BBC06U~1.JPG")) returned 1 [0028.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.611] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.612] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x33a8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x33a8, lpOverlapped=0x0) returned 1 [0028.614] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.614] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x33a8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x33a8, lpOverlapped=0x0) returned 1 [0028.614] CloseHandle (hObject=0x54) returned 1 [0028.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.614] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg.adv")) returned 1 [0028.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.615] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53017770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x738, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC095c[1].jpg", cAlternateFileName="BBC095~1.JPG")) returned 1 [0028.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.616] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x738, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x738, lpOverlapped=0x0) returned 1 [0028.617] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.617] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x738, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x738, lpOverlapped=0x0) returned 1 [0028.617] CloseHandle (hObject=0x54) returned 1 [0028.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.617] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg.adv")) returned 1 [0028.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.618] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ff1610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ff1610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ff1610, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17a5, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0ALC[1].jpg", cAlternateFileName="BBC0AL~1.JPG")) returned 1 [0028.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.619] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17a5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x17a5, lpOverlapped=0x0) returned 1 [0028.620] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.620] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17a5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x17a5, lpOverlapped=0x0) returned 1 [0028.620] CloseHandle (hObject=0x54) returned 1 [0028.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.621] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg.adv")) returned 1 [0028.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.621] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2720, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0lYn[1].jpg", cAlternateFileName="BBC0LY~1.JPG")) returned 1 [0028.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.622] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2720, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2720, lpOverlapped=0x0) returned 1 [0028.624] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.624] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2720, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2720, lpOverlapped=0x0) returned 1 [0028.624] CloseHandle (hObject=0x54) returned 1 [0028.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.624] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg.adv")) returned 1 [0028.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.625] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f0cdd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x522, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0mlu[1].jpg", cAlternateFileName="BBC0ML~1.JPG")) returned 1 [0028.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.625] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.625] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x522, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x522, lpOverlapped=0x0) returned 1 [0028.626] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.626] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x522, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x522, lpOverlapped=0x0) returned 1 [0028.627] CloseHandle (hObject=0x54) returned 1 [0028.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.627] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg.adv")) returned 1 [0028.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.627] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x188f, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0rDa[1].jpg", cAlternateFileName="BBC0RD~1.JPG")) returned 1 [0028.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.628] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x188f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x188f, lpOverlapped=0x0) returned 1 [0028.629] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.629] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x188f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x188f, lpOverlapped=0x0) returned 1 [0028.629] CloseHandle (hObject=0x54) returned 1 [0028.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.629] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg.adv")) returned 1 [0028.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.630] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e9a9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e9a9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e9a9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7fe, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0rDa[2].jpg", cAlternateFileName="BBC0RD~2.JPG")) returned 1 [0028.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.630] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7fe, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7fe, lpOverlapped=0x0) returned 1 [0028.632] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.632] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7fe, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7fe, lpOverlapped=0x0) returned 1 [0028.632] CloseHandle (hObject=0x54) returned 1 [0028.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.632] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg.adv")) returned 1 [0028.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.633] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e275160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e275160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5e275160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x320d, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0tCi[1].jpg", cAlternateFileName="BBC0TC~1.JPG")) returned 1 [0028.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.634] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x320d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x320d, lpOverlapped=0x0) returned 1 [0028.636] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.636] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x320d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x320d, lpOverlapped=0x0) returned 1 [0028.636] CloseHandle (hObject=0x54) returned 1 [0028.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.636] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg.adv")) returned 1 [0028.636] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.636] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.636] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459d37f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x28f2, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBDK7Yy[1].jpg", cAlternateFileName="BBDK7Y~1.JPG")) returned 1 [0028.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.636] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.637] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28f2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x28f2, lpOverlapped=0x0) returned 1 [0028.639] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.639] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28f2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x28f2, lpOverlapped=0x0) returned 1 [0028.639] CloseHandle (hObject=0x54) returned 1 [0028.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.639] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg.adv")) returned 1 [0028.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.648] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458eefb0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x83c, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBDRbsH[1].jpg", cAlternateFileName="BBDRBS~1.JPG")) returned 1 [0028.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.649] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x83c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x83c, lpOverlapped=0x0) returned 1 [0028.651] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.651] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x83c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x83c, lpOverlapped=0x0) returned 1 [0028.652] CloseHandle (hObject=0x54) returned 1 [0028.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.652] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg.adv")) returned 1 [0028.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.652] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b9c870, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x968, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBDZoZR[1].jpg", cAlternateFileName="BBDZOZ~1.JPG")) returned 1 [0028.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.653] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x968, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x968, lpOverlapped=0x0) returned 1 [0028.654] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.654] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x968, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x968, lpOverlapped=0x0) returned 1 [0028.655] CloseHandle (hObject=0x54) returned 1 [0028.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.655] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg.adv")) returned 1 [0028.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.655] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8d4, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBE97O8[1].jpg", cAlternateFileName="BBE97O~1.JPG")) returned 1 [0028.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.656] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8d4, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x8d4, lpOverlapped=0x0) returned 1 [0028.658] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.658] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8d4, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x8d4, lpOverlapped=0x0) returned 1 [0028.658] CloseHandle (hObject=0x54) returned 1 [0028.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.658] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg.adv")) returned 1 [0028.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.659] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459d37f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x6e0, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBE9wSt[1].jpg", cAlternateFileName="BBE9WS~1.JPG")) returned 1 [0028.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.660] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6e0, lpOverlapped=0x0) returned 1 [0028.662] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.662] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6e0, lpOverlapped=0x0) returned 1 [0028.662] CloseHandle (hObject=0x54) returned 1 [0028.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.662] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg.adv")) returned 1 [0028.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.663] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a6bd70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8b9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEcHle[1].jpg", cAlternateFileName="BBECHL~1.JPG")) returned 1 [0028.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.665] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8b9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x8b9, lpOverlapped=0x0) returned 1 [0028.667] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.667] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8b9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x8b9, lpOverlapped=0x0) returned 1 [0028.667] CloseHandle (hObject=0x54) returned 1 [0028.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.667] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg.adv")) returned 1 [0028.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.668] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458eefb0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2086, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEdE0f[1].jpg", cAlternateFileName="BBEDE0~1.JPG")) returned 1 [0028.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.669] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2086, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2086, lpOverlapped=0x0) returned 1 [0028.670] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.670] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2086, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2086, lpOverlapped=0x0) returned 1 [0028.670] CloseHandle (hObject=0x54) returned 1 [0028.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.671] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg.adv")) returned 1 [0028.671] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.671] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.671] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x97b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEdoQv[1].jpg", cAlternateFileName="BBEDOQ~1.JPG")) returned 1 [0028.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.671] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.672] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x97b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x97b, lpOverlapped=0x0) returned 1 [0028.674] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.674] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x97b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x97b, lpOverlapped=0x0) returned 1 [0028.674] CloseHandle (hObject=0x54) returned 1 [0028.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.674] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg.adv")) returned 1 [0028.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.675] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x69a, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEdqEy[1].jpg", cAlternateFileName="BBEDQE~1.JPG")) returned 1 [0028.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.676] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x69a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x69a, lpOverlapped=0x0) returned 1 [0028.678] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.678] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x69a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x69a, lpOverlapped=0x0) returned 1 [0028.678] CloseHandle (hObject=0x54) returned 1 [0028.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.678] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg.adv")) returned 1 [0028.678] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.679] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.679] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x6d0, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEdtWw[1].jpg", cAlternateFileName="BBEDTW~1.JPG")) returned 1 [0028.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.679] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.680] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6d0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6d0, lpOverlapped=0x0) returned 1 [0028.681] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.681] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6d0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6d0, lpOverlapped=0x0) returned 1 [0028.681] CloseHandle (hObject=0x54) returned 1 [0028.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.681] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg.adv")) returned 1 [0028.682] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.682] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.682] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x687, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEdXJj[1].jpg", cAlternateFileName="BBEDXJ~1.JPG")) returned 1 [0028.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.682] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.683] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x687, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x687, lpOverlapped=0x0) returned 1 [0028.685] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.685] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x687, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x687, lpOverlapped=0x0) returned 1 [0028.685] CloseHandle (hObject=0x54) returned 1 [0028.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.685] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg.adv")) returned 1 [0028.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.685] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4580a770, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x24c8, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEeP0k[1].jpg", cAlternateFileName="BBEEP0~1.JPG")) returned 1 [0028.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.686] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24c8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x24c8, lpOverlapped=0x0) returned 1 [0028.688] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.688] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24c8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x24c8, lpOverlapped=0x0) returned 1 [0028.688] CloseHandle (hObject=0x54) returned 1 [0028.688] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.688] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg.adv")) returned 1 [0028.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.689] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b76710, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3417, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEeTuf[1].jpg", cAlternateFileName="BBEETU~1.JPG")) returned 1 [0028.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.690] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3417, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3417, lpOverlapped=0x0) returned 1 [0028.692] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.692] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3417, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3417, lpOverlapped=0x0) returned 1 [0028.692] CloseHandle (hObject=0x54) returned 1 [0028.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.694] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg.adv")) returned 1 [0028.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.695] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xc0b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEfE6e[1].jpg", cAlternateFileName="BBEFE6~1.JPG")) returned 1 [0028.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.696] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc0b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xc0b, lpOverlapped=0x0) returned 1 [0028.697] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.697] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc0b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xc0b, lpOverlapped=0x0) returned 1 [0028.698] CloseHandle (hObject=0x54) returned 1 [0028.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.698] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg.adv")) returned 1 [0028.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.698] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45510bf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3c4c, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEfjuT[1].jpg", cAlternateFileName="BBEFJU~1.JPG")) returned 1 [0028.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.701] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c4c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3c4c, lpOverlapped=0x0) returned 1 [0028.703] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.703] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c4c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3c4c, lpOverlapped=0x0) returned 1 [0028.703] CloseHandle (hObject=0x54) returned 1 [0028.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.703] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg.adv")) returned 1 [0028.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.703] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459f9950, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1f0e, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEg9QV[1].jpg", cAlternateFileName="BBEG9Q~1.JPG")) returned 1 [0028.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.704] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f0e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1f0e, lpOverlapped=0x0) returned 1 [0028.706] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.706] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f0e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1f0e, lpOverlapped=0x0) returned 1 [0028.706] CloseHandle (hObject=0x54) returned 1 [0028.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.706] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg.adv")) returned 1 [0028.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.707] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4587cb90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x980, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgGSl[1].jpg", cAlternateFileName="BBEGGS~1.JPG")) returned 1 [0028.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.708] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x980, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x980, lpOverlapped=0x0) returned 1 [0028.710] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.710] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x980, lpOverlapped=0x0) returned 1 [0028.710] CloseHandle (hObject=0x54) returned 1 [0028.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.710] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg.adv")) returned 1 [0028.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.710] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23fd, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgiYw[1].jpg", cAlternateFileName="BBEGIY~1.JPG")) returned 1 [0028.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.711] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23fd, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x23fd, lpOverlapped=0x0) returned 1 [0028.713] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.713] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23fd, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x23fd, lpOverlapped=0x0) returned 1 [0028.713] CloseHandle (hObject=0x54) returned 1 [0028.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.713] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg.adv")) returned 1 [0028.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.714] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1a59, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgJfz[1].jpg", cAlternateFileName="BBEGJF~1.JPG")) returned 1 [0028.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.715] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a59, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1a59, lpOverlapped=0x0) returned 1 [0028.716] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.716] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a59, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1a59, lpOverlapped=0x0) returned 1 [0028.716] CloseHandle (hObject=0x54) returned 1 [0028.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.717] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg.adv")) returned 1 [0028.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.717] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7b0, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgqtY[1].jpg", cAlternateFileName="BBEGQT~1.JPG")) returned 1 [0028.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.718] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7b0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7b0, lpOverlapped=0x0) returned 1 [0028.721] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.721] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7b0, lpOverlapped=0x0) returned 1 [0028.721] CloseHandle (hObject=0x54) returned 1 [0028.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.721] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg.adv")) returned 1 [0028.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.722] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x44ec, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgsz3[1].jpg", cAlternateFileName="BBEGSZ~1.JPG")) returned 1 [0028.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.723] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x44ec, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x44ec, lpOverlapped=0x0) returned 1 [0028.725] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.725] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x44ec, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x44ec, lpOverlapped=0x0) returned 1 [0028.725] CloseHandle (hObject=0x54) returned 1 [0028.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.725] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg.adv")) returned 1 [0028.726] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.726] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.726] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbde8add0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x171b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgtcS[1].jpg", cAlternateFileName="BBEGTC~1.JPG")) returned 1 [0028.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.726] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.727] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x171b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x171b, lpOverlapped=0x0) returned 1 [0028.730] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.730] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x171b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x171b, lpOverlapped=0x0) returned 1 [0028.731] CloseHandle (hObject=0x54) returned 1 [0028.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.731] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg.adv")) returned 1 [0028.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.731] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457721f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457721f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457721f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1826, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgtcS[2].jpg", cAlternateFileName="BBEGTC~2.JPG")) returned 1 [0028.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.732] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1826, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1826, lpOverlapped=0x0) returned 1 [0028.734] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.734] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1826, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1826, lpOverlapped=0x0) returned 1 [0028.734] CloseHandle (hObject=0x54) returned 1 [0028.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.734] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg.adv")) returned 1 [0028.735] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.735] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.735] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5e5, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgx5f[1].jpg", cAlternateFileName="BBEGX5~1.JPG")) returned 1 [0028.735] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.735] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.735] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.736] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5e5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x5e5, lpOverlapped=0x0) returned 1 [0028.737] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.737] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5e5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x5e5, lpOverlapped=0x0) returned 1 [0028.738] CloseHandle (hObject=0x54) returned 1 [0028.738] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.738] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg.adv")) returned 1 [0028.738] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.738] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.738] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b505b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x5e5, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgx5f[2].jpg", cAlternateFileName="BBEGX5~2.JPG")) returned 1 [0028.738] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.738] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.738] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.739] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5e5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x5e5, lpOverlapped=0x0) returned 1 [0028.741] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.741] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5e5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x5e5, lpOverlapped=0x0) returned 1 [0028.741] CloseHandle (hObject=0x54) returned 1 [0028.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.741] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg.adv")) returned 1 [0028.742] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.742] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.742] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3565, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgyIm[1].jpg", cAlternateFileName="BBEGYI~1.JPG")) returned 1 [0028.742] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.742] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.742] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.742] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3565, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3565, lpOverlapped=0x0) returned 1 [0028.744] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.744] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3565, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3565, lpOverlapped=0x0) returned 1 [0028.744] CloseHandle (hObject=0x54) returned 1 [0028.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.744] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg.adv")) returned 1 [0028.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.745] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBg3ODX[2].png", cAlternateFileName="BBG3OD~2.PNG")) returned 1 [0028.745] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.745] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.746] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xf3, lpOverlapped=0x0) returned 1 [0028.747] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.747] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xf3, lpOverlapped=0x0) returned 1 [0028.747] CloseHandle (hObject=0x54) returned 1 [0028.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.748] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png.adv")) returned 1 [0028.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.748] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbde8add0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x3b9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBiyCq[1].png", cAlternateFileName="BBIYCQ~1.PNG")) returned 1 [0028.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.749] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3b9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3b9, lpOverlapped=0x0) returned 1 [0028.750] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.750] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3b9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3b9, lpOverlapped=0x0) returned 1 [0028.751] CloseHandle (hObject=0x54) returned 1 [0028.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.751] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png.adv")) returned 1 [0028.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.751] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f7f1f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14d, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBn4lUU[1].png", cAlternateFileName="BBN4LU~1.PNG")) returned 1 [0028.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.752] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x14d, lpOverlapped=0x0) returned 1 [0028.754] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.754] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x14d, lpOverlapped=0x0) returned 1 [0028.754] CloseHandle (hObject=0x54) returned 1 [0028.754] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png.adv")) returned 1 [0028.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.754] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x24b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBnMKeN[1].png", cAlternateFileName="BBNMKE~1.PNG")) returned 1 [0028.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.755] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x24b, lpOverlapped=0x0) returned 1 [0028.756] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.756] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x24b, lpOverlapped=0x0) returned 1 [0028.756] CloseHandle (hObject=0x54) returned 1 [0028.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.757] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png.adv")) returned 1 [0028.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.757] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x38b7, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBwGan9[1].jpg", cAlternateFileName="BBWGAN~1.JPG")) returned 1 [0028.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.758] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x38b7, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x38b7, lpOverlapped=0x0) returned 1 [0028.760] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.760] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x38b7, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x38b7, lpOverlapped=0x0) returned 1 [0028.760] CloseHandle (hObject=0x54) returned 1 [0028.760] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.760] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg.adv")) returned 1 [0028.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.761] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBz3ebk[1].png", cAlternateFileName="BBZ3EB~1.PNG")) returned 1 [0028.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.761] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x36c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x36c, lpOverlapped=0x0) returned 1 [0028.763] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.763] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x36c, lpOverlapped=0x0) returned 1 [0028.763] CloseHandle (hObject=0x54) returned 1 [0028.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.763] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png.adv")) returned 1 [0028.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.764] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60d4dd60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60d4dd60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60d4dd60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29ed, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="benefits-5-mobile[1].png", cAlternateFileName="BENEFI~1.PNG")) returned 1 [0028.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.765] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29ed, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x29ed, lpOverlapped=0x0) returned 1 [0028.766] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.766] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29ed, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x29ed, lpOverlapped=0x0) returned 1 [0028.766] CloseHandle (hObject=0x54) returned 1 [0028.766] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0028.767] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png.adv")) returned 1 [0028.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.767] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61804060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61804060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61850320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f3f, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="cb=gapi[1].loaded_1", cAlternateFileName="CB_GAP~1.LOA")) returned 1 [0028.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.768] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13f3f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x13f3f, lpOverlapped=0x0) returned 1 [0028.770] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.771] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13f3f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x13f3f, lpOverlapped=0x0) returned 1 [0028.771] CloseHandle (hObject=0x54) returned 1 [0028.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.771] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1.adv")) returned 1 [0028.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.772] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60ea49c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60ea49c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60ef0c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c6c, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="chrome-new[1].jpg", cAlternateFileName="CHROME~1.JPG")) returned 1 [0028.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.773] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10c6c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x10c6c, lpOverlapped=0x0) returned 1 [0028.775] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.775] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10c6c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x10c6c, lpOverlapped=0x0) returned 1 [0028.775] CloseHandle (hObject=0x54) returned 1 [0028.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.775] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg.adv")) returned 1 [0028.776] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.776] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.776] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60aec760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60aec760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60b128c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4739, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot", cAlternateFileName="CJZKEO~1.EOT")) returned 1 [0028.776] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.776] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.776] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.777] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4739, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4739, lpOverlapped=0x0) returned 1 [0028.778] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.778] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4739, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4739, lpOverlapped=0x0) returned 1 [0028.779] CloseHandle (hObject=0x54) returned 1 [0028.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f39c8 [0028.779] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot.adv")) returned 1 [0028.779] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.779] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.779] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53bb22b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7b1, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="ContainerTag[1].js", cAlternateFileName="CONTAI~1.JS")) returned 1 [0028.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.780] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7b1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7b1, lpOverlapped=0x0) returned 1 [0028.782] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.782] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7b1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7b1, lpOverlapped=0x0) returned 1 [0028.782] CloseHandle (hObject=0x54) returned 1 [0028.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.782] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js.adv")) returned 1 [0028.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.783] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe6dfad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe6dfad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe6dfad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7b1, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="ContainerTag[2].js", cAlternateFileName="CONTAI~2.JS")) returned 1 [0028.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.783] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7b1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7b1, lpOverlapped=0x0) returned 1 [0028.785] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.785] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7b1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7b1, lpOverlapped=0x0) returned 1 [0028.785] CloseHandle (hObject=0x54) returned 1 [0028.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.785] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js.adv")) returned 1 [0028.786] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.786] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.786] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5ddbc1a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5ddbc1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5ddbc1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="css[2].txt", cAlternateFileName="CSS_2_~1.TXT")) returned 1 [0028.786] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.786] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.786] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.787] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbb, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xbb, lpOverlapped=0x0) returned 1 [0028.788] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.788] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbb, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xbb, lpOverlapped=0x0) returned 1 [0028.788] CloseHandle (hObject=0x54) returned 1 [0028.788] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0028.788] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt.adv")) returned 1 [0028.788] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.788] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.788] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0028.788] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.789] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x43, lpOverlapped=0x0) returned 1 [0028.790] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.790] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x43, lpOverlapped=0x0) returned 1 [0028.790] CloseHandle (hObject=0x54) returned 1 [0028.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0028.790] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini.adv")) returned 1 [0028.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.790] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5114bad0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5114bad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x511bdef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x39a21, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="f8-028d9f-f30905ea[1]", cAlternateFileName="F8-028~1")) returned 1 [0028.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.791] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x39a21, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x39a21, lpOverlapped=0x0) returned 1 [0028.796] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.796] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x39a21, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x39a21, lpOverlapped=0x0) returned 1 [0028.797] CloseHandle (hObject=0x54) returned 1 [0028.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0028.797] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1].adv")) returned 1 [0028.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.798] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf893e70, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf893e70, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf893e70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7f78, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="fallback_728x90[1].jpg", cAlternateFileName="FALLBA~1.JPG")) returned 1 [0028.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.799] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7f78, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7f78, lpOverlapped=0x0) returned 1 [0028.800] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.800] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7f78, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7f78, lpOverlapped=0x0) returned 1 [0028.801] CloseHandle (hObject=0x54) returned 1 [0028.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0028.801] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg.adv")) returned 1 [0028.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.801] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xca2, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]", cAlternateFileName="GETYPE~1")) returned 1 [0028.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f39c8 [0028.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.802] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xca2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xca2, lpOverlapped=0x0) returned 1 [0028.803] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.803] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xca2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xca2, lpOverlapped=0x0) returned 1 [0028.803] CloseHandle (hObject=0x54) returned 1 [0028.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f3be0 [0028.804] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1].adv")) returned 0 [0028.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3be0 | out: hHeap=0x6d0000) returned 1 [0028.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.804] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde189b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde189b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbde189b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1305, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]", cAlternateFileName="GETYPE~2")) returned 1 [0028.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f39c8 [0028.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.805] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1305, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1305, lpOverlapped=0x0) returned 1 [0028.807] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.807] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1305, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1305, lpOverlapped=0x0) returned 1 [0028.807] CloseHandle (hObject=0x54) returned 1 [0028.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f3be0 [0028.807] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1].adv")) returned 0 [0028.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3be0 | out: hHeap=0x6d0000) returned 1 [0028.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.807] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x551dcf90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x551dcf90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x551dcf90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="ie8[1].txt", cAlternateFileName="IE8_1_~1.TXT")) returned 1 [0028.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.808] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x66, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x66, lpOverlapped=0x0) returned 1 [0028.809] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.809] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x66, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x66, lpOverlapped=0x0) returned 1 [0028.809] CloseHandle (hObject=0x54) returned 1 [0028.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0028.809] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt.adv")) returned 1 [0028.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.810] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bff750, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bff750, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bff750, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3c1, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="js[1]", cAlternateFileName="JS_1_~1")) returned 1 [0028.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.811] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3c1, lpOverlapped=0x0) returned 1 [0028.812] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.812] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3c1, lpOverlapped=0x0) returned 1 [0028.812] CloseHandle (hObject=0x54) returned 1 [0028.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0028.813] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1].adv")) returned 1 [0028.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.813] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54e4ae90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54e4ae90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e4ae90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x88e7, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="latest[1].eot", cAlternateFileName="LATEST~1.EOT")) returned 1 [0028.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.813] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x88e7, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x88e7, lpOverlapped=0x0) returned 1 [0028.815] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.815] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x88e7, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x88e7, lpOverlapped=0x0) returned 1 [0028.816] CloseHandle (hObject=0x54) returned 1 [0028.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.816] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot.adv")) returned 1 [0028.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.817] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54772f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54772f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54772f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1180, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="meversion[1]", cAlternateFileName="MEVERS~1")) returned 1 [0028.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.817] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1180, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1180, lpOverlapped=0x0) returned 1 [0028.819] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.819] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1180, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1180, lpOverlapped=0x0) returned 1 [0028.819] CloseHandle (hObject=0x54) returned 1 [0028.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.819] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1].adv")) returned 1 [0028.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.819] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfaa91b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfaa91b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfaa91b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="only[1].htm", cAlternateFileName="ONLY_1~1.HTM")) returned 1 [0028.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\only[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.820] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.820] CloseHandle (hObject=0x54) returned 1 [0028.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0028.820] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\only[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\only[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\only[1].htm.adv")) returned 1 [0028.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.821] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x56ed3860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56ed3860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x56ed3860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x140, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="Passport[1].htm", cAlternateFileName="PASSPO~1.HTM")) returned 1 [0028.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.822] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x140, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x140, lpOverlapped=0x0) returned 1 [0028.824] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.824] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x140, lpOverlapped=0x0) returned 1 [0028.824] CloseHandle (hObject=0x54) returned 1 [0028.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.824] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm.adv")) returned 1 [0028.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.824] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61282d80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9f32, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="plusone[1].js", cAlternateFileName="PLUSON~1.JS")) returned 1 [0028.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.825] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.825] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9f32, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x9f32, lpOverlapped=0x0) returned 1 [0028.827] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.827] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9f32, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x9f32, lpOverlapped=0x0) returned 1 [0028.827] CloseHandle (hObject=0x54) returned 1 [0028.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.828] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js.adv")) returned 1 [0028.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.828] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6371bfc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6371bfc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6371bfc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="postmessageRelay[1].htm", cAlternateFileName="POSTME~1.HTM")) returned 1 [0028.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.829] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1fa, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1fa, lpOverlapped=0x0) returned 1 [0028.830] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.830] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1fa, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1fa, lpOverlapped=0x0) returned 1 [0028.830] CloseHandle (hObject=0x54) returned 1 [0028.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0028.830] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm.adv")) returned 1 [0028.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.831] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x555ac120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x555ac120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55a97d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19a6f, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="search[1].htm", cAlternateFileName="SEARCH~1.HTM")) returned 1 [0028.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.831] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19a6f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x19a6f, lpOverlapped=0x0) returned 1 [0028.834] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.834] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19a6f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x19a6f, lpOverlapped=0x0) returned 1 [0028.834] CloseHandle (hObject=0x54) returned 1 [0028.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.834] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm.adv")) returned 1 [0028.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.835] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54772f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54772f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54772f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c85b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="uhf-west-european-default.min[1].css", cAlternateFileName="UHF-WE~1.CSS")) returned 1 [0028.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.835] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c85b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c85b, lpOverlapped=0x0) returned 1 [0028.837] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.838] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c85b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c85b, lpOverlapped=0x0) returned 1 [0028.838] CloseHandle (hObject=0x54) returned 1 [0028.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f39c8 [0028.838] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css.adv")) returned 1 [0028.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.839] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.839] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54726c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54726c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54726c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1687, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="WebCore.4.19.0.ltr.light.min[1].css", cAlternateFileName="WEBCOR~1.CSS")) returned 1 [0028.839] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.839] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.839] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.839] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1687, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1687, lpOverlapped=0x0) returned 1 [0028.840] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.841] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1687, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1687, lpOverlapped=0x0) returned 1 [0028.841] CloseHandle (hObject=0x54) returned 1 [0028.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f39c8 [0028.841] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css.adv")) returned 1 [0028.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.841] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54726c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54726c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54726c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1687, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="WebCore.4.19.0.ltr.light.min[1].css", cAlternateFileName="WEBCOR~1.CSS")) returned 0 [0028.841] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0028.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3718 | out: hHeap=0x6d0000) returned 1 [0028.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34f0 | out: hHeap=0x6d0000) returned 1 [0028.841] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="ABV8L7MY", cAlternateFileName="")) returned 1 [0028.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32d8 [0028.842] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f34f0 [0028.842] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0028.842] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.842] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3718 [0028.842] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.842] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0028.844] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="..", cAlternateFileName="")) returned 1 [0028.845] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa36d90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa36d90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfa83050, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xe455, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="000000929096[1].gif", cAlternateFileName="000000~1.GIF")) returned 1 [0028.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.846] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe455, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xe455, lpOverlapped=0x0) returned 1 [0028.848] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.848] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe455, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xe455, lpOverlapped=0x0) returned 1 [0028.849] CloseHandle (hObject=0x54) returned 1 [0028.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.849] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif.adv")) returned 1 [0028.851] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.851] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.851] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6384cac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6384cac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6384cac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2929, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="1223855322-postmessagerelay[1].js", cAlternateFileName="122385~1.JS")) returned 1 [0028.851] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.852] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2929, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2929, lpOverlapped=0x0) returned 1 [0028.854] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.854] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2929, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2929, lpOverlapped=0x0) returned 1 [0028.854] CloseHandle (hObject=0x54) returned 1 [0028.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f39c8 [0028.854] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js.adv")) returned 1 [0028.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.854] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA3e1oO[1].png", cAlternateFileName="AA3E1O~1.PNG")) returned 1 [0028.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.855] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x29b, lpOverlapped=0x0) returned 1 [0028.856] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.856] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x29b, lpOverlapped=0x0) returned 1 [0028.856] CloseHandle (hObject=0x54) returned 1 [0028.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.857] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png.adv")) returned 1 [0028.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.857] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459d37f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x265, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA429NP[1].png", cAlternateFileName="AA429N~1.PNG")) returned 1 [0028.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.858] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x265, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x265, lpOverlapped=0x0) returned 1 [0028.860] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.861] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x265, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x265, lpOverlapped=0x0) returned 1 [0028.861] CloseHandle (hObject=0x54) returned 1 [0028.861] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.861] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png.adv")) returned 1 [0028.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.861] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530d5e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530d5e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530fbfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x252, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA42pjY[1].png", cAlternateFileName="AA42PJ~1.PNG")) returned 1 [0028.861] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.862] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x252, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x252, lpOverlapped=0x0) returned 1 [0028.863] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.863] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x252, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x252, lpOverlapped=0x0) returned 1 [0028.864] CloseHandle (hObject=0x54) returned 1 [0028.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.864] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png.adv")) returned 1 [0028.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.864] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe327870, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe327870, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe327870, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA61AKN[2].png", cAlternateFileName="AA61AK~2.PNG")) returned 1 [0028.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.865] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x248, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x248, lpOverlapped=0x0) returned 1 [0028.867] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.867] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x248, lpOverlapped=0x0) returned 1 [0028.867] CloseHandle (hObject=0x54) returned 1 [0028.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.867] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png.adv")) returned 1 [0028.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.868] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x21b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA6KizP[2].png", cAlternateFileName="AA6KIZ~2.PNG")) returned 1 [0028.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.868] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x21b, lpOverlapped=0x0) returned 1 [0028.870] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.870] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x21b, lpOverlapped=0x0) returned 1 [0028.870] CloseHandle (hObject=0x54) returned 1 [0028.870] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.870] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png.adv")) returned 1 [0028.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.870] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x27b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA7XCQ3[1].png", cAlternateFileName="AA7XCQ~1.PNG")) returned 1 [0028.870] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.871] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x27b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x27b, lpOverlapped=0x0) returned 1 [0028.873] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.873] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x27b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x27b, lpOverlapped=0x0) returned 1 [0028.874] CloseHandle (hObject=0x54) returned 1 [0028.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.874] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png.adv")) returned 1 [0028.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.874] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x268, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AA8Tave[1].png", cAlternateFileName="AA8TAV~1.PNG")) returned 1 [0028.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.875] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x268, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x268, lpOverlapped=0x0) returned 1 [0028.876] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.876] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x268, lpOverlapped=0x0) returned 1 [0028.876] CloseHandle (hObject=0x54) returned 1 [0028.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.876] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png.adv")) returned 1 [0028.877] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.877] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.877] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x21e, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AAfOIDq[1].png", cAlternateFileName="AAFOID~1.PNG")) returned 1 [0028.877] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.877] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.877] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.877] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x21e, lpOverlapped=0x0) returned 1 [0028.879] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.879] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x21e, lpOverlapped=0x0) returned 1 [0028.879] CloseHandle (hObject=0x54) returned 1 [0028.879] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.879] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png.adv")) returned 1 [0028.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.880] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2e3, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AAkhMz9[2].png", cAlternateFileName="AAKHMZ~2.PNG")) returned 1 [0028.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.880] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2e3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2e3, lpOverlapped=0x0) returned 1 [0028.882] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.882] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2e3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2e3, lpOverlapped=0x0) returned 1 [0028.882] CloseHandle (hObject=0x54) returned 1 [0028.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.882] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png.adv")) returned 1 [0028.883] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.883] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.883] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AAmRY2Q[1].png", cAlternateFileName="AAMRY2~1.PNG")) returned 1 [0028.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.883] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.883] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x12c, lpOverlapped=0x0) returned 1 [0028.885] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.885] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x12c, lpOverlapped=0x0) returned 1 [0028.885] CloseHandle (hObject=0x54) returned 1 [0028.885] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.885] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png.adv")) returned 1 [0028.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.886] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="AAni8qk[1].png", cAlternateFileName="AANI8Q~1.PNG")) returned 1 [0028.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.886] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x391, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x391, lpOverlapped=0x0) returned 1 [0028.888] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.888] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x391, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x391, lpOverlapped=0x0) returned 1 [0028.888] CloseHandle (hObject=0x54) returned 1 [0028.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.888] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png.adv")) returned 1 [0028.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.888] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf1239b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf1239b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf1239b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7a52, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="adition[1].js", cAlternateFileName="ADITIO~1.JS")) returned 1 [0028.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.889] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7a52, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7a52, lpOverlapped=0x0) returned 1 [0028.891] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.891] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7a52, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7a52, lpOverlapped=0x0) returned 1 [0028.891] CloseHandle (hObject=0x54) returned 1 [0028.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.891] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js.adv")) returned 1 [0028.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.892] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53c4a830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="async_usersync[1].htm", cAlternateFileName="ASYNC_~1.HTM")) returned 1 [0028.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.893] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3e3, lpOverlapped=0x0) returned 1 [0028.894] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.894] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3e3, lpOverlapped=0x0) returned 1 [0028.894] CloseHandle (hObject=0x54) returned 1 [0028.894] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0028.894] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm.adv")) returned 1 [0028.895] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.895] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.895] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53bb22b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bb22b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53bfe570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5feb, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg", cAlternateFileName="B367C0~1.JPG")) returned 1 [0028.895] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.895] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.895] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.895] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5feb, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x5feb, lpOverlapped=0x0) returned 1 [0028.897] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.897] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5feb, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x5feb, lpOverlapped=0x0) returned 1 [0028.898] CloseHandle (hObject=0x54) returned 1 [0028.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f39c8 [0028.898] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg.adv")) returned 1 [0028.898] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.898] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.898] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459613d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1aa, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BB8jcOr[2].png", cAlternateFileName="BB8JCO~2.PNG")) returned 1 [0028.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.898] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.899] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1aa, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1aa, lpOverlapped=0x0) returned 1 [0028.900] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.900] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1aa, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1aa, lpOverlapped=0x0) returned 1 [0028.900] CloseHandle (hObject=0x54) returned 1 [0028.900] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.901] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png.adv")) returned 1 [0028.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.901] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c22, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBB8ZbM[1].jpg", cAlternateFileName="BBB8ZB~1.JPG")) returned 1 [0028.901] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.901] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.901] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c22, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c22, lpOverlapped=0x0) returned 1 [0028.903] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.903] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c22, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c22, lpOverlapped=0x0) returned 1 [0028.903] CloseHandle (hObject=0x54) returned 1 [0028.903] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.903] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg.adv")) returned 1 [0028.904] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.904] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.904] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x234, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBB9wH0[1].png", cAlternateFileName="BBB9WH~1.PNG")) returned 1 [0028.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.904] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.904] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x234, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x234, lpOverlapped=0x0) returned 1 [0028.906] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.906] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x234, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x234, lpOverlapped=0x0) returned 1 [0028.906] CloseHandle (hObject=0x54) returned 1 [0028.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.906] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png.adv")) returned 1 [0028.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.907] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x642446e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x642446e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x642446e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ac7, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBCFjo[1].jpg", cAlternateFileName="BBBCFJ~1.JPG")) returned 1 [0028.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.907] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2ac7, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2ac7, lpOverlapped=0x0) returned 1 [0028.909] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.909] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2ac7, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2ac7, lpOverlapped=0x0) returned 1 [0028.909] CloseHandle (hObject=0x54) returned 1 [0028.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.909] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg.adv")) returned 1 [0028.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.910] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533cf9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533cf9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533cf9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7c9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBDtcM[1].jpg", cAlternateFileName="BBBDTC~1.JPG")) returned 1 [0028.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.911] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7c9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7c9, lpOverlapped=0x0) returned 1 [0028.913] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.913] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7c9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7c9, lpOverlapped=0x0) returned 1 [0028.913] CloseHandle (hObject=0x54) returned 1 [0028.913] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.913] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg.adv")) returned 1 [0028.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.913] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53b8c150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1f19, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBIeNJ[1].jpg", cAlternateFileName="BBBIEN~1.JPG")) returned 1 [0028.913] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.913] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.914] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f19, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1f19, lpOverlapped=0x0) returned 1 [0028.918] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.918] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f19, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1f19, lpOverlapped=0x0) returned 1 [0028.918] CloseHandle (hObject=0x54) returned 1 [0028.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.918] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg.adv")) returned 1 [0028.918] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.918] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.918] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53598a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53598a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53598a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x711, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBImKX[1].jpg", cAlternateFileName="BBBIMK~1.JPG")) returned 1 [0028.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.920] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x711, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x711, lpOverlapped=0x0) returned 1 [0028.922] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.922] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x711, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x711, lpOverlapped=0x0) returned 1 [0028.922] CloseHandle (hObject=0x54) returned 1 [0028.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.922] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg.adv")) returned 1 [0028.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.923] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b9c870, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2569, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBL4R9[1].jpg", cAlternateFileName="BBBL4R~1.JPG")) returned 1 [0028.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.923] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2569, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2569, lpOverlapped=0x0) returned 1 [0028.925] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.925] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2569, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2569, lpOverlapped=0x0) returned 1 [0028.926] CloseHandle (hObject=0x54) returned 1 [0028.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.926] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg.adv")) returned 1 [0028.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.926] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30d2, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBLhTZ[1].jpg", cAlternateFileName="BBBLHT~1.JPG")) returned 1 [0028.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.927] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x30d2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x30d2, lpOverlapped=0x0) returned 1 [0028.929] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.929] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x30d2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x30d2, lpOverlapped=0x0) returned 1 [0028.929] CloseHandle (hObject=0x54) returned 1 [0028.929] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.929] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg.adv")) returned 1 [0028.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.930] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9b9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBnhZY[1].jpg", cAlternateFileName="BBBNHZ~1.JPG")) returned 1 [0028.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.930] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9b9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x9b9, lpOverlapped=0x0) returned 1 [0028.932] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.932] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9b9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x9b9, lpOverlapped=0x0) returned 1 [0028.932] CloseHandle (hObject=0x54) returned 1 [0028.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.932] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg.adv")) returned 1 [0028.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.933] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x671dfee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x671dfee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x67206040, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f4, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBPhAr[1].jpg", cAlternateFileName="BBBPHA~1.JPG")) returned 1 [0028.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.933] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x48f4, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x48f4, lpOverlapped=0x0) returned 1 [0028.935] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.935] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x48f4, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x48f4, lpOverlapped=0x0) returned 1 [0028.935] CloseHandle (hObject=0x54) returned 1 [0028.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.935] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg.adv")) returned 1 [0028.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.936] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c21, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBPiby[1].jpg", cAlternateFileName="BBBPIB~1.JPG")) returned 1 [0028.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.936] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c21, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c21, lpOverlapped=0x0) returned 1 [0028.938] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.938] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c21, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c21, lpOverlapped=0x0) returned 1 [0028.938] CloseHandle (hObject=0x54) returned 1 [0028.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.938] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg.adv")) returned 1 [0028.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.939] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x16bf, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBPmXJ[1].jpg", cAlternateFileName="BBBPMX~1.JPG")) returned 1 [0028.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.939] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16bf, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x16bf, lpOverlapped=0x0) returned 1 [0028.941] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.941] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16bf, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x16bf, lpOverlapped=0x0) returned 1 [0028.941] CloseHandle (hObject=0x54) returned 1 [0028.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.941] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg.adv")) returned 1 [0028.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.942] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530d5e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530d5e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x21feb, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBPS37[1].png", cAlternateFileName="BBBPS3~1.PNG")) returned 1 [0028.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.942] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21feb, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x21feb, lpOverlapped=0x0) returned 1 [0028.945] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.945] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21feb, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x21feb, lpOverlapped=0x0) returned 1 [0028.946] CloseHandle (hObject=0x54) returned 1 [0028.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.946] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png.adv")) returned 1 [0028.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.946] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBQiBF[1].jpg", cAlternateFileName="BBBQIB~1.JPG")) returned 1 [0028.948] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.948] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.948] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.948] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12f9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x12f9, lpOverlapped=0x0) returned 1 [0028.950] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.950] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12f9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x12f9, lpOverlapped=0x0) returned 1 [0028.950] CloseHandle (hObject=0x54) returned 1 [0028.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.950] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg.adv")) returned 1 [0028.951] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.951] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.951] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533cf9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533cf9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533cf9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBty8h[1].jpg", cAlternateFileName="BBBTY8~1.JPG")) returned 1 [0028.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.951] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.951] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.951] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9a9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x9a9, lpOverlapped=0x0) returned 1 [0028.953] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.953] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9a9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x9a9, lpOverlapped=0x0) returned 1 [0028.953] CloseHandle (hObject=0x54) returned 1 [0028.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.953] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg.adv")) returned 1 [0028.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.953] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5303d8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5303d8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5303d8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1b08, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBVACL[1].jpg", cAlternateFileName="BBBVAC~1.JPG")) returned 1 [0028.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.954] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1b08, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1b08, lpOverlapped=0x0) returned 1 [0028.956] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.956] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1b08, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1b08, lpOverlapped=0x0) returned 1 [0028.956] CloseHandle (hObject=0x54) returned 1 [0028.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.957] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg.adv")) returned 1 [0028.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.957] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e29b2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e29b2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5e29b2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c41, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBVGyR[1].jpg", cAlternateFileName="BBBVGY~1.JPG")) returned 1 [0028.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.958] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c41, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c41, lpOverlapped=0x0) returned 1 [0028.959] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.959] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c41, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c41, lpOverlapped=0x0) returned 1 [0028.959] CloseHandle (hObject=0x54) returned 1 [0028.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.960] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg.adv")) returned 1 [0028.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.960] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBVMtX[1].jpg", cAlternateFileName="BBBVMT~1.JPG")) returned 1 [0028.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.961] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x950, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x950, lpOverlapped=0x0) returned 1 [0028.963] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.963] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x950, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x950, lpOverlapped=0x0) returned 1 [0028.963] CloseHandle (hObject=0x54) returned 1 [0028.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.963] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg.adv")) returned 1 [0028.964] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.964] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.964] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5530da90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1bba, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBVYsu[1].jpg", cAlternateFileName="BBBVYS~1.JPG")) returned 1 [0028.964] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.964] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.964] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.965] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1bba, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1bba, lpOverlapped=0x0) returned 1 [0028.966] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.966] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1bba, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1bba, lpOverlapped=0x0) returned 1 [0028.966] CloseHandle (hObject=0x54) returned 1 [0028.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.967] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg.adv")) returned 1 [0028.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.967] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5154fff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5154fff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51576150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x76a, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBWLtW[1].jpg", cAlternateFileName="BBBWLT~1.JPG")) returned 1 [0028.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.968] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x76a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x76a, lpOverlapped=0x0) returned 1 [0028.969] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.969] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x76a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x76a, lpOverlapped=0x0) returned 1 [0028.969] CloseHandle (hObject=0x54) returned 1 [0028.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.969] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg.adv")) returned 1 [0028.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.970] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f32f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f32f30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f32f30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x95f, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBX3xB[1].jpg", cAlternateFileName="BBBX3X~1.JPG")) returned 1 [0028.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.971] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x95f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x95f, lpOverlapped=0x0) returned 1 [0028.972] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.972] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x95f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x95f, lpOverlapped=0x0) returned 1 [0028.973] CloseHandle (hObject=0x54) returned 1 [0028.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.973] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg.adv")) returned 1 [0028.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.973] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533112f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533112f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533112f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x241e, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBY98e[1].jpg", cAlternateFileName="BBBY98~1.JPG")) returned 1 [0028.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.974] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x241e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x241e, lpOverlapped=0x0) returned 1 [0028.976] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.976] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x241e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x241e, lpOverlapped=0x0) returned 1 [0028.976] CloseHandle (hObject=0x54) returned 1 [0028.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.976] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg.adv")) returned 1 [0028.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.977] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x938, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBBZYVP[1].jpg", cAlternateFileName="BBBZYV~1.JPG")) returned 1 [0028.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.977] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x938, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x938, lpOverlapped=0x0) returned 1 [0028.979] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.979] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x938, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x938, lpOverlapped=0x0) returned 1 [0028.979] CloseHandle (hObject=0x54) returned 1 [0028.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.979] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg.adv")) returned 1 [0028.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.980] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x192a, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC04o2[1].jpg", cAlternateFileName="BBC04O~1.JPG")) returned 1 [0028.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.980] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x192a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x192a, lpOverlapped=0x0) returned 1 [0028.982] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.982] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x192a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x192a, lpOverlapped=0x0) returned 1 [0028.982] CloseHandle (hObject=0x54) returned 1 [0028.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.982] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg.adv")) returned 1 [0028.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.983] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23fb, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC04ok[1].jpg", cAlternateFileName="BBC04O~2.JPG")) returned 1 [0028.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.983] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23fb, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x23fb, lpOverlapped=0x0) returned 1 [0028.985] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.985] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23fb, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x23fb, lpOverlapped=0x0) returned 1 [0028.985] CloseHandle (hObject=0x54) returned 1 [0028.985] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.985] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg.adv")) returned 1 [0028.988] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.988] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.988] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539e9230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539e9230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539e9230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a99, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC04we[1].jpg", cAlternateFileName="BBC04W~1.JPG")) returned 1 [0028.988] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.988] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.988] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.988] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a99, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2a99, lpOverlapped=0x0) returned 1 [0028.990] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.991] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a99, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2a99, lpOverlapped=0x0) returned 1 [0028.991] CloseHandle (hObject=0x54) returned 1 [0028.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.991] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg.adv")) returned 1 [0028.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.991] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e02430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e02430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC05rl[1].jpg", cAlternateFileName="BBC05R~1.JPG")) returned 1 [0028.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.992] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3200, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3200, lpOverlapped=0x0) returned 1 [0028.994] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.994] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3200, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3200, lpOverlapped=0x0) returned 1 [0028.994] CloseHandle (hObject=0x54) returned 1 [0028.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.994] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg.adv")) returned 1 [0028.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.994] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ec0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7e1, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC05rl[2].jpg", cAlternateFileName="BBC05R~2.JPG")) returned 1 [0028.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.995] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7e1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7e1, lpOverlapped=0x0) returned 1 [0028.997] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0028.997] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7e1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7e1, lpOverlapped=0x0) returned 1 [0028.997] CloseHandle (hObject=0x54) returned 1 [0028.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0028.997] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg.adv")) returned 1 [0028.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0028.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0028.998] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ff1610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ff1610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ff1610, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1b4e, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0ATj[1].jpg", cAlternateFileName="BBC0AT~1.JPG")) returned 1 [0028.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0028.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0028.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0028.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0028.999] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1b4e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1b4e, lpOverlapped=0x0) returned 1 [0029.000] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.000] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1b4e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1b4e, lpOverlapped=0x0) returned 1 [0029.000] CloseHandle (hObject=0x54) returned 1 [0029.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.000] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg.adv")) returned 1 [0029.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.001] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5392ab50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5392ab50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5392ab50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x751, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0D8i[1].jpg", cAlternateFileName="BBC0D8~1.JPG")) returned 1 [0029.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.001] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x751, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x751, lpOverlapped=0x0) returned 1 [0029.003] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.003] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x751, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x751, lpOverlapped=0x0) returned 1 [0029.003] CloseHandle (hObject=0x54) returned 1 [0029.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.004] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg.adv")) returned 1 [0029.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.004] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51256470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x200e, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0g7a[1].jpg", cAlternateFileName="BBC0G7~1.JPG")) returned 1 [0029.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.005] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x200e, lpOverlapped=0x0) returned 1 [0029.006] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.006] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x200e, lpOverlapped=0x0) returned 1 [0029.007] CloseHandle (hObject=0x54) returned 1 [0029.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.007] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg.adv")) returned 1 [0029.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.007] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f7f1f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1dcb, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0w1b[1].jpg", cAlternateFileName="BBC0W1~1.JPG")) returned 1 [0029.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.008] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1dcb, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1dcb, lpOverlapped=0x0) returned 1 [0029.010] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.010] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1dcb, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1dcb, lpOverlapped=0x0) returned 1 [0029.010] CloseHandle (hObject=0x54) returned 1 [0029.010] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.010] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg.adv")) returned 1 [0029.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.011] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55333bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23ba, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBC0xLt[1].jpg", cAlternateFileName="BBC0XL~1.JPG")) returned 1 [0029.011] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.011] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.011] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23ba, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x23ba, lpOverlapped=0x0) returned 1 [0029.013] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.013] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23ba, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x23ba, lpOverlapped=0x0) returned 1 [0029.013] CloseHandle (hObject=0x54) returned 1 [0029.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.013] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg.adv")) returned 1 [0029.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.014] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xb58, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBDWA22[1].jpg", cAlternateFileName="BBDWA2~1.JPG")) returned 1 [0029.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.014] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb58, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xb58, lpOverlapped=0x0) returned 1 [0029.016] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.016] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb58, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xb58, lpOverlapped=0x0) returned 1 [0029.016] CloseHandle (hObject=0x54) returned 1 [0029.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.016] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg.adv")) returned 1 [0029.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.017] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x91d, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBE7d3b[1].jpg", cAlternateFileName="BBE7D3~1.JPG")) returned 1 [0029.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.018] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x91d, lpOverlapped=0x0) returned 1 [0029.019] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.019] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x91d, lpOverlapped=0x0) returned 1 [0029.020] CloseHandle (hObject=0x54) returned 1 [0029.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.020] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg.adv")) returned 1 [0029.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.020] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45583010, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45583010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x455a9170, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2850, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBE85ld[1].jpg", cAlternateFileName="BBE85L~1.JPG")) returned 1 [0029.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.021] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2850, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2850, lpOverlapped=0x0) returned 1 [0029.022] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.022] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2850, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2850, lpOverlapped=0x0) returned 1 [0029.022] CloseHandle (hObject=0x54) returned 1 [0029.022] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.022] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg.adv")) returned 1 [0029.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.023] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459613d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x16ca, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEdckp[1].jpg", cAlternateFileName="BBEDCK~1.JPG")) returned 1 [0029.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.023] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16ca, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x16ca, lpOverlapped=0x0) returned 1 [0029.025] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.025] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16ca, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x16ca, lpOverlapped=0x0) returned 1 [0029.026] CloseHandle (hObject=0x54) returned 1 [0029.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.026] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg.adv")) returned 1 [0029.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.026] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xafe, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEdMci[1].jpg", cAlternateFileName="BBEDMC~1.JPG")) returned 1 [0029.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.027] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xafe, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xafe, lpOverlapped=0x0) returned 1 [0029.028] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.028] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xafe, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xafe, lpOverlapped=0x0) returned 1 [0029.028] CloseHandle (hObject=0x54) returned 1 [0029.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.029] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg.adv")) returned 1 [0029.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.029] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4580a770, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4580a770, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4580a770, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2a48, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEdSLV[1].jpg", cAlternateFileName="BBEDSL~1.JPG")) returned 1 [0029.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.030] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a48, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2a48, lpOverlapped=0x0) returned 1 [0029.031] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.031] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a48, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2a48, lpOverlapped=0x0) returned 1 [0029.032] CloseHandle (hObject=0x54) returned 1 [0029.032] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg.adv")) returned 1 [0029.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.032] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x87f, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEe2Pd[1].jpg", cAlternateFileName="BBEE2P~1.JPG")) returned 1 [0029.032] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.032] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.033] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x87f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x87f, lpOverlapped=0x0) returned 1 [0029.035] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.035] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x87f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x87f, lpOverlapped=0x0) returned 1 [0029.035] CloseHandle (hObject=0x54) returned 1 [0029.035] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.035] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg.adv")) returned 1 [0029.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.036] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4587cb90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3faf, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEe4Oo[1].png", cAlternateFileName="BBEE4O~1.PNG")) returned 1 [0029.036] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.036] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.037] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3faf, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3faf, lpOverlapped=0x0) returned 1 [0029.038] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.038] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3faf, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3faf, lpOverlapped=0x0) returned 1 [0029.039] CloseHandle (hObject=0x54) returned 1 [0029.039] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.039] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png.adv")) returned 1 [0029.039] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.039] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.039] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b505b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xaa9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEe6Ew[1].jpg", cAlternateFileName="BBEE6E~1.JPG")) returned 1 [0029.039] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.039] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.039] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.040] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaa9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xaa9, lpOverlapped=0x0) returned 1 [0029.042] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.042] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaa9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xaa9, lpOverlapped=0x0) returned 1 [0029.042] CloseHandle (hObject=0x54) returned 1 [0029.042] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.042] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg.adv")) returned 1 [0029.043] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.043] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.043] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454c4930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1d26, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEeFp3[1].jpg", cAlternateFileName="BBEEFP~1.JPG")) returned 1 [0029.043] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.043] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.043] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.043] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d26, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1d26, lpOverlapped=0x0) returned 1 [0029.045] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.045] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d26, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1d26, lpOverlapped=0x0) returned 1 [0029.045] CloseHandle (hObject=0x54) returned 1 [0029.045] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.045] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg.adv")) returned 1 [0029.045] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.045] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.045] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe3bfdf0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe3bfdf0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe3bfdf0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x780, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEeGwU[1].jpg", cAlternateFileName="BBEEGW~1.JPG")) returned 1 [0029.046] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.046] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.046] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x780, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x780, lpOverlapped=0x0) returned 1 [0029.047] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.047] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x780, lpOverlapped=0x0) returned 1 [0029.048] CloseHandle (hObject=0x54) returned 1 [0029.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.048] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg.adv")) returned 1 [0029.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.048] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b505b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7be, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEeUg0[1].jpg", cAlternateFileName="BBEEUG~1.JPG")) returned 1 [0029.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.049] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7be, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7be, lpOverlapped=0x0) returned 1 [0029.050] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.050] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7be, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7be, lpOverlapped=0x0) returned 1 [0029.050] CloseHandle (hObject=0x54) returned 1 [0029.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.050] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg.adv")) returned 1 [0029.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.051] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3a2a, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEeZnr[1].jpg", cAlternateFileName="BBEEZN~1.JPG")) returned 1 [0029.056] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.056] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.056] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.056] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.056] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3a2a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3a2a, lpOverlapped=0x0) returned 1 [0029.057] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.058] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3a2a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3a2a, lpOverlapped=0x0) returned 1 [0029.058] CloseHandle (hObject=0x54) returned 1 [0029.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.058] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg.adv")) returned 1 [0029.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.058] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2f76, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEf5Lq[1].jpg", cAlternateFileName="BBEF5L~1.JPG")) returned 1 [0029.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.059] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2f76, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2f76, lpOverlapped=0x0) returned 1 [0029.061] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.061] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2f76, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2f76, lpOverlapped=0x0) returned 1 [0029.061] CloseHandle (hObject=0x54) returned 1 [0029.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.061] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg.adv")) returned 1 [0029.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.062] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4574c090, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x786, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEfwtU[1].jpg", cAlternateFileName="BBEFWT~1.JPG")) returned 1 [0029.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.063] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x786, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x786, lpOverlapped=0x0) returned 1 [0029.065] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.065] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x786, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x786, lpOverlapped=0x0) returned 1 [0029.065] CloseHandle (hObject=0x54) returned 1 [0029.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.065] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg.adv")) returned 1 [0029.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.066] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xa07, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEfzSd[1].jpg", cAlternateFileName="BBEFZS~1.JPG")) returned 1 [0029.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.067] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa07, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xa07, lpOverlapped=0x0) returned 1 [0029.069] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.069] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa07, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xa07, lpOverlapped=0x0) returned 1 [0029.069] CloseHandle (hObject=0x54) returned 1 [0029.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.069] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg.adv")) returned 1 [0029.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.069] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454eaa90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454eaa90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454eaa90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1998, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgCuQ[1].jpg", cAlternateFileName="BBEGCU~1.JPG")) returned 1 [0029.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.071] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1998, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1998, lpOverlapped=0x0) returned 1 [0029.072] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.072] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1998, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1998, lpOverlapped=0x0) returned 1 [0029.072] CloseHandle (hObject=0x54) returned 1 [0029.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.072] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg.adv")) returned 1 [0029.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.073] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454eaa90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1a65, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgHzB[1].jpg", cAlternateFileName="BBEGHZ~1.JPG")) returned 1 [0029.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.073] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a65, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1a65, lpOverlapped=0x0) returned 1 [0029.075] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.075] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a65, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1a65, lpOverlapped=0x0) returned 1 [0029.075] CloseHandle (hObject=0x54) returned 1 [0029.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.075] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg.adv")) returned 1 [0029.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.076] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdeb0f30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5a45, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgIl2[1].jpg", cAlternateFileName="BBEGIL~1.JPG")) returned 1 [0029.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.076] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5a45, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x5a45, lpOverlapped=0x0) returned 1 [0029.078] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.078] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5a45, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x5a45, lpOverlapped=0x0) returned 1 [0029.078] CloseHandle (hObject=0x54) returned 1 [0029.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.078] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg.adv")) returned 1 [0029.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.079] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b2a450, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x388f, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgIl2[2].jpg", cAlternateFileName="BBEGIL~2.JPG")) returned 1 [0029.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.079] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x388f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x388f, lpOverlapped=0x0) returned 1 [0029.081] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.081] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x388f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x388f, lpOverlapped=0x0) returned 1 [0029.082] CloseHandle (hObject=0x54) returned 1 [0029.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.082] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg.adv")) returned 1 [0029.082] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.082] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.082] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1e97, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgIyL[1].jpg", cAlternateFileName="BBEGIY~1.JPG")) returned 1 [0029.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.082] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.083] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1e97, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1e97, lpOverlapped=0x0) returned 1 [0029.084] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.084] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1e97, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1e97, lpOverlapped=0x0) returned 1 [0029.085] CloseHandle (hObject=0x54) returned 1 [0029.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.085] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg.adv")) returned 1 [0029.085] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.085] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.085] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23bf, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgkY6[1].jpg", cAlternateFileName="BBEGKY~1.JPG")) returned 1 [0029.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.085] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.086] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23bf, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x23bf, lpOverlapped=0x0) returned 1 [0029.087] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.087] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23bf, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x23bf, lpOverlapped=0x0) returned 1 [0029.088] CloseHandle (hObject=0x54) returned 1 [0029.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.088] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg.adv")) returned 1 [0029.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.088] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4574c090, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8df, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgLzV[1].jpg", cAlternateFileName="BBEGLZ~1.JPG")) returned 1 [0029.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.089] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8df, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x8df, lpOverlapped=0x0) returned 1 [0029.090] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.090] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8df, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x8df, lpOverlapped=0x0) returned 1 [0029.091] CloseHandle (hObject=0x54) returned 1 [0029.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.091] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg.adv")) returned 1 [0029.091] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.091] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.091] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b8d, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgUri[1].jpg", cAlternateFileName="BBEGUR~1.JPG")) returned 1 [0029.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.092] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b8d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2b8d, lpOverlapped=0x0) returned 1 [0029.094] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.094] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b8d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2b8d, lpOverlapped=0x0) returned 1 [0029.094] CloseHandle (hObject=0x54) returned 1 [0029.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.094] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg.adv")) returned 1 [0029.095] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457721f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457721f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457721f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x201f, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgXBv[1].jpg", cAlternateFileName="BBEGXB~1.JPG")) returned 1 [0029.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.095] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x201f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x201f, lpOverlapped=0x0) returned 1 [0029.097] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.097] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x201f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x201f, lpOverlapped=0x0) returned 1 [0029.097] CloseHandle (hObject=0x54) returned 1 [0029.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.097] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg.adv")) returned 1 [0029.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.098] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe327870, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe327870, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe34d9d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6e9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBEgZME[1].jpg", cAlternateFileName="BBEGZM~1.JPG")) returned 1 [0029.098] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.098] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.099] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6e9, lpOverlapped=0x0) returned 1 [0029.100] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.101] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6e9, lpOverlapped=0x0) returned 1 [0029.101] CloseHandle (hObject=0x54) returned 1 [0029.101] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.101] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg.adv")) returned 1 [0029.101] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.101] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.101] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBghfVy[1].png", cAlternateFileName="BBGHFV~1.PNG")) returned 1 [0029.101] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.101] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.101] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.102] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1dc, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1dc, lpOverlapped=0x0) returned 1 [0029.103] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.103] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1dc, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1dc, lpOverlapped=0x0) returned 1 [0029.104] CloseHandle (hObject=0x54) returned 1 [0029.104] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.104] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png.adv")) returned 1 [0029.104] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.104] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.104] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1af, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBkwUr[1].png", cAlternateFileName="BBKWUR~1.PNG")) returned 1 [0029.104] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.104] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.104] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.105] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1af, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1af, lpOverlapped=0x0) returned 1 [0029.106] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.106] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1af, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1af, lpOverlapped=0x0) returned 1 [0029.107] CloseHandle (hObject=0x54) returned 1 [0029.107] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.107] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png.adv")) returned 1 [0029.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.107] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBlBV0U[1].png", cAlternateFileName="BBLBV0~1.PNG")) returned 1 [0029.107] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.107] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.107] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.108] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x23b, lpOverlapped=0x0) returned 1 [0029.109] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.109] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x23b, lpOverlapped=0x0) returned 1 [0029.109] CloseHandle (hObject=0x54) returned 1 [0029.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.109] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png.adv")) returned 1 [0029.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.110] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5159c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3376, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="BBzhWWE[1].jpg", cAlternateFileName="BBZHWW~1.JPG")) returned 1 [0029.110] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.110] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.110] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3376, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3376, lpOverlapped=0x0) returned 1 [0029.112] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.112] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3376, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3376, lpOverlapped=0x0) returned 1 [0029.112] CloseHandle (hObject=0x54) returned 1 [0029.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.113] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg.adv")) returned 1 [0029.113] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.113] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.113] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60baae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60baae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60c433c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13c06, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="benefits-2[1].jpg", cAlternateFileName="BENEFI~2.JPG")) returned 1 [0029.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.113] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.114] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13c06, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x13c06, lpOverlapped=0x0) returned 1 [0029.116] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.116] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13c06, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x13c06, lpOverlapped=0x0) returned 1 [0029.117] CloseHandle (hObject=0x54) returned 1 [0029.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.117] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg.adv")) returned 1 [0029.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.117] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60b84ce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60b84ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60c1d260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144cd, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="benefits-4[1].jpg", cAlternateFileName="BENEFI~1.JPG")) returned 1 [0029.118] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.118] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.118] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x144cd, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x144cd, lpOverlapped=0x0) returned 1 [0029.121] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.121] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x144cd, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x144cd, lpOverlapped=0x0) returned 1 [0029.121] CloseHandle (hObject=0x54) returned 1 [0029.121] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.122] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg.adv")) returned 1 [0029.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.122] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf4dbc10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf4dbc10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf4dbc10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6f15, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="bootstrap[1].js", cAlternateFileName="BOOTST~1.JS")) returned 1 [0029.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.123] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6f15, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6f15, lpOverlapped=0x0) returned 1 [0029.124] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.124] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6f15, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6f15, lpOverlapped=0x0) returned 1 [0029.125] CloseHandle (hObject=0x54) returned 1 [0029.125] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.125] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js.adv")) returned 1 [0029.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.127] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x583e0320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x583e0320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x583e0320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf6, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="browser[1].htm", cAlternateFileName="BROWSE~1.HTM")) returned 1 [0029.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.129] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaf6, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xaf6, lpOverlapped=0x0) returned 1 [0029.130] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.130] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaf6, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xaf6, lpOverlapped=0x0) returned 1 [0029.130] CloseHandle (hObject=0x54) returned 1 [0029.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.130] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm.adv")) returned 1 [0029.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.131] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b2b1b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b2b1b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b2b1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4dd8, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="bs-jsdep[1].css", cAlternateFileName="BS-JSD~1.CSS")) returned 1 [0029.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.132] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4dd8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4dd8, lpOverlapped=0x0) returned 1 [0029.134] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.134] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4dd8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4dd8, lpOverlapped=0x0) returned 1 [0029.134] CloseHandle (hObject=0x54) returned 1 [0029.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.134] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css.adv")) returned 1 [0029.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.134] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61341460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61341460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x613675c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c9f6, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="cb=gapi[1].loaded_0", cAlternateFileName="CB_GAP~1.LOA")) returned 1 [0029.135] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.135] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.135] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.136] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c9f6, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c9f6, lpOverlapped=0x0) returned 1 [0029.138] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.138] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c9f6, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c9f6, lpOverlapped=0x0) returned 1 [0029.139] CloseHandle (hObject=0x54) returned 1 [0029.139] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.139] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0.adv")) returned 1 [0029.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.139] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="collect[1].gif", cAlternateFileName="COLLEC~1.GIF")) returned 1 [0029.139] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.139] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.140] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2b, lpOverlapped=0x0) returned 1 [0029.142] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.142] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2b, lpOverlapped=0x0) returned 1 [0029.142] CloseHandle (hObject=0x54) returned 1 [0029.142] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.142] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif.adv")) returned 1 [0029.143] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.143] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.143] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b51310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b51310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b51310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29349, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="core[1].css", cAlternateFileName="CORE_1~1.CSS")) returned 1 [0029.143] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.143] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.143] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.144] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29349, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x29349, lpOverlapped=0x0) returned 1 [0029.147] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.147] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29349, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x29349, lpOverlapped=0x0) returned 1 [0029.148] CloseHandle (hObject=0x54) returned 1 [0029.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.148] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css.adv")) returned 1 [0029.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.148] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0029.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.149] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x43, lpOverlapped=0x0) returned 1 [0029.150] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.150] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x43, lpOverlapped=0x0) returned 1 [0029.150] CloseHandle (hObject=0x54) returned 1 [0029.150] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.150] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini.adv")) returned 1 [0029.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.150] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54ca7f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54ca7f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54ca7f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a3c, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="DevCMDL2.2.18[1].eot", cAlternateFileName="DEVCMD~1.EOT")) returned 1 [0029.150] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.151] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.152] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a3c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2a3c, lpOverlapped=0x0) returned 1 [0029.153] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.153] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a3c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2a3c, lpOverlapped=0x0) returned 1 [0029.153] CloseHandle (hObject=0x54) returned 1 [0029.153] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.153] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot.adv")) returned 1 [0029.154] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.154] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.154] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5120a1b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5120a1b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5120a1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="e151e5[1].gif", cAlternateFileName="E151E5~1.GIF")) returned 1 [0029.154] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.154] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.154] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.155] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2b, lpOverlapped=0x0) returned 1 [0029.156] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.156] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2b, lpOverlapped=0x0) returned 1 [0029.156] CloseHandle (hObject=0x54) returned 1 [0029.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.156] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif.adv")) returned 1 [0029.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.157] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5101afd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5101afd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5101afd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24e29, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="e4-190963-91cdfbc1[1].txt", cAlternateFileName="E4-190~1.TXT")) returned 1 [0029.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.157] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24e29, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x24e29, lpOverlapped=0x0) returned 1 [0029.160] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.160] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24e29, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x24e29, lpOverlapped=0x0) returned 1 [0029.161] CloseHandle (hObject=0x54) returned 1 [0029.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.161] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt.adv")) returned 1 [0029.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.162] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60b5eb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60b5eb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60f89200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8f5, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="eula_text[1].htm", cAlternateFileName="EULA_T~1.HTM")) returned 1 [0029.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.162] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf8f5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xf8f5, lpOverlapped=0x0) returned 1 [0029.164] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.164] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf8f5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xf8f5, lpOverlapped=0x0) returned 1 [0029.165] CloseHandle (hObject=0x54) returned 1 [0029.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.165] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm.adv")) returned 1 [0029.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.165] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62410fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62410fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x62410fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x34ce, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="f[1].txt", cAlternateFileName="F_1_~1.TXT")) returned 1 [0029.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.166] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x34ce, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x34ce, lpOverlapped=0x0) returned 1 [0029.168] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.168] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x34ce, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x34ce, lpOverlapped=0x0) returned 1 [0029.168] CloseHandle (hObject=0x54) returned 1 [0029.168] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.168] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt.adv")) returned 1 [0029.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.170] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1254, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]", cAlternateFileName="GETYPE~1")) returned 1 [0029.170] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.170] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.170] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f39c8 [0029.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.171] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1254, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1254, lpOverlapped=0x0) returned 1 [0029.172] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.172] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1254, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1254, lpOverlapped=0x0) returned 1 [0029.173] CloseHandle (hObject=0x54) returned 1 [0029.173] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f3be0 [0029.173] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1].adv")) returned 0 [0029.173] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3be0 | out: hHeap=0x6d0000) returned 1 [0029.173] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.173] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60ef0c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60ef0c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60f16de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6a6, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="google_plus_16dp[1].png", cAlternateFileName="GOOGLE~1.PNG")) returned 1 [0029.173] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.173] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.173] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.173] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6a6, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6a6, lpOverlapped=0x0) returned 1 [0029.186] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.187] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6a6, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6a6, lpOverlapped=0x0) returned 1 [0029.187] CloseHandle (hObject=0x54) returned 1 [0029.187] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.187] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png.adv")) returned 1 [0029.187] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.187] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.187] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de2e5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5de2e5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5de54720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6c8, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="index[1].htm", cAlternateFileName="INDEX_~1.HTM")) returned 1 [0029.187] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.187] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.187] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.188] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb6c8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xb6c8, lpOverlapped=0x0) returned 1 [0029.190] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.190] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb6c8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xb6c8, lpOverlapped=0x0) returned 1 [0029.190] CloseHandle (hObject=0x54) returned 1 [0029.190] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.190] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm.adv")) returned 1 [0029.191] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.191] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.191] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54fa1af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54fa1af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54fa1af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa2, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="print[1].txt", cAlternateFileName="PRINT_~1.TXT")) returned 1 [0029.191] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.191] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.191] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.192] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xa2, lpOverlapped=0x0) returned 1 [0029.194] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.194] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xa2, lpOverlapped=0x0) returned 1 [0029.194] CloseHandle (hObject=0x54) returned 1 [0029.194] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.194] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt.adv")) returned 1 [0029.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.195] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44f697b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44f697b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44f8f910, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x15429, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="Standard[1]", cAlternateFileName="STANDA~1")) returned 1 [0029.195] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.195] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.195] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15429, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x15429, lpOverlapped=0x0) returned 1 [0029.197] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.197] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15429, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x15429, lpOverlapped=0x0) returned 1 [0029.198] CloseHandle (hObject=0x54) returned 1 [0029.198] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.198] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1].adv")) returned 1 [0029.198] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.198] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.198] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfbb3b50, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfbb3b50, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfbb3b50, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x67, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="tecjslog[1].png", cAlternateFileName="TECJSL~1.PNG")) returned 1 [0029.198] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.199] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.199] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.199] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x67, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x67, lpOverlapped=0x0) returned 1 [0029.201] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.201] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x67, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x67, lpOverlapped=0x0) returned 1 [0029.201] CloseHandle (hObject=0x54) returned 1 [0029.201] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.201] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png.adv")) returned 1 [0029.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.202] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x548efd10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x548efd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x548efd10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102ea, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="uhf-main.var.min[1].js", cAlternateFileName="UHF-MA~1.JS")) returned 1 [0029.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.202] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.202] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x102ea, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x102ea, lpOverlapped=0x0) returned 1 [0029.204] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.204] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x102ea, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x102ea, lpOverlapped=0x0) returned 1 [0029.205] CloseHandle (hObject=0x54) returned 1 [0029.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.205] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js.adv")) returned 1 [0029.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.205] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5386c470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5386c470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5386c470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2dd5, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="v2[1]", cAlternateFileName="V2_1_~1")) returned 1 [0029.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.206] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2dd5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2dd5, lpOverlapped=0x0) returned 1 [0029.207] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.207] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2dd5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2dd5, lpOverlapped=0x0) returned 1 [0029.208] CloseHandle (hObject=0x54) returned 1 [0029.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.208] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1].adv")) returned 1 [0029.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.208] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5386c470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5386c470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5386c470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d29, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="v2[2]", cAlternateFileName="V2_2_~1")) returned 1 [0029.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.209] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d29, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2d29, lpOverlapped=0x0) returned 1 [0029.211] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.211] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d29, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2d29, lpOverlapped=0x0) returned 1 [0029.211] CloseHandle (hObject=0x54) returned 1 [0029.211] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.211] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2].adv")) returned 1 [0029.211] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.211] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.211] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe751ef0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe751ef0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe751ef0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2fa8, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="v2[3]", cAlternateFileName="V2_3_~1")) returned 1 [0029.211] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.212] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.212] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.213] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fa8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2fa8, lpOverlapped=0x0) returned 1 [0029.214] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.214] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fa8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2fa8, lpOverlapped=0x0) returned 1 [0029.214] CloseHandle (hObject=0x54) returned 1 [0029.214] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.214] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3].adv")) returned 1 [0029.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.215] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe8829f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe8829f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe8829f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2da9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="v2[4]", cAlternateFileName="V2_4_~1")) returned 1 [0029.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.215] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2da9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2da9, lpOverlapped=0x0) returned 1 [0029.217] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.217] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2da9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2da9, lpOverlapped=0x0) returned 1 [0029.217] CloseHandle (hObject=0x54) returned 1 [0029.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.217] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4].adv")) returned 1 [0029.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.217] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe8829f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe8829f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe8829f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2da9, dwReserved0=0x1d2dd9e, dwReserved1=0x4f090c50, cFileName="v2[4]", cAlternateFileName="V2_4_~1")) returned 0 [0029.217] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0029.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3718 | out: hHeap=0x6d0000) returned 1 [0029.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34f0 | out: hHeap=0x6d0000) returned 1 [0029.218] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0029.218] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32d8 [0029.218] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f34f0 [0029.218] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0029.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0029.218] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0029.219] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.219] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0029.219] CloseHandle (hObject=0x50) returned 1 [0029.219] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f3630 [0029.219] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini.adv")) returned 1 [0029.221] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.221] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34f0 | out: hHeap=0x6d0000) returned 1 [0029.221] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x527ba6f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x527ba6f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="IKQEEPZR", cAlternateFileName="")) returned 1 [0029.221] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32d8 [0029.221] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f34f0 [0029.221] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0029.221] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.221] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3718 [0029.221] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.221] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x527ba6f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x527ba6f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x6c, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0029.224] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x527ba6f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x527ba6f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x6c, cFileName="..", cAlternateFileName="")) returned 1 [0029.225] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45027e90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45027e90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45027e90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xa756, dwReserved0=0x0, dwReserved1=0x6c, cFileName="19619569[1].gif", cAlternateFileName="196195~1.GIF")) returned 1 [0029.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.226] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa756, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xa756, lpOverlapped=0x0) returned 1 [0029.228] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.228] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa756, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xa756, lpOverlapped=0x0) returned 1 [0029.228] CloseHandle (hObject=0x54) returned 1 [0029.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.228] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif.adv")) returned 1 [0029.229] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.229] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.229] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54962130, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54962130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x549ae3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x461fe, dwReserved0=0x0, dwReserved1=0x6c, cFileName="7962161087[1].js", cAlternateFileName="796216~1.JS")) returned 1 [0029.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.229] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.229] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x461fe, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x461fe, lpOverlapped=0x0) returned 1 [0029.234] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.234] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x461fe, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x461fe, lpOverlapped=0x0) returned 1 [0029.235] CloseHandle (hObject=0x54) returned 1 [0029.235] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.235] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js.adv")) returned 1 [0029.235] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.235] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.235] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53017770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14d, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AA3DGHW[1].png", cAlternateFileName="AA3DGH~1.PNG")) returned 1 [0029.236] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.236] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.236] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.236] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x14d, lpOverlapped=0x0) returned 1 [0029.237] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.237] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x14d, lpOverlapped=0x0) returned 1 [0029.237] CloseHandle (hObject=0x54) returned 1 [0029.238] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.238] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png.adv")) returned 1 [0029.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.238] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AA3e1pt[2].png", cAlternateFileName="AA3E1P~2.PNG")) returned 1 [0029.238] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.238] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.239] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x197, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x197, lpOverlapped=0x0) returned 1 [0029.241] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.241] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x197, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x197, lpOverlapped=0x0) returned 1 [0029.241] CloseHandle (hObject=0x54) returned 1 [0029.241] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.241] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png.adv")) returned 1 [0029.242] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.242] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.242] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2c2, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AA42ckd[1].png", cAlternateFileName="AA42CK~1.PNG")) returned 1 [0029.242] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.242] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.242] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.242] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2c2, lpOverlapped=0x0) returned 1 [0029.244] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.244] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2c2, lpOverlapped=0x0) returned 1 [0029.244] CloseHandle (hObject=0x54) returned 1 [0029.244] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.244] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png.adv")) returned 1 [0029.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.244] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2c2, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AA42eYr[1].png", cAlternateFileName="AA42EY~1.PNG")) returned 1 [0029.244] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.244] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.245] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.245] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2c2, lpOverlapped=0x0) returned 1 [0029.246] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.246] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2c2, lpOverlapped=0x0) returned 1 [0029.247] CloseHandle (hObject=0x54) returned 1 [0029.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.247] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png.adv")) returned 1 [0029.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.247] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AA61ILp[2].png", cAlternateFileName="AA61IL~2.PNG")) returned 1 [0029.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.251] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x204, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x204, lpOverlapped=0x0) returned 1 [0029.253] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.253] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x204, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x204, lpOverlapped=0x0) returned 1 [0029.253] CloseHandle (hObject=0x54) returned 1 [0029.253] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.253] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png.adv")) returned 1 [0029.254] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.254] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.254] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50ebbff0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2ed, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AA6SNZ6[1].png", cAlternateFileName="AA6SNZ~1.PNG")) returned 1 [0029.254] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.254] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.254] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.254] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2ed, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2ed, lpOverlapped=0x0) returned 1 [0029.255] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.255] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2ed, lpOverlapped=0x0) returned 1 [0029.256] CloseHandle (hObject=0x54) returned 1 [0029.256] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.256] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png.adv")) returned 1 [0029.256] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.256] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.256] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454eaa90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454eaa90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454eaa90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2fc, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AAbyinC[1].png", cAlternateFileName="AABYIN~1.PNG")) returned 1 [0029.256] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.256] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.256] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.257] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fc, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2fc, lpOverlapped=0x0) returned 1 [0029.259] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.259] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fc, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2fc, lpOverlapped=0x0) returned 1 [0029.259] CloseHandle (hObject=0x54) returned 1 [0029.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.259] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png.adv")) returned 1 [0029.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.260] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.260] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x340b, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AAicW5W[1].jpg", cAlternateFileName="AAICW5~1.JPG")) returned 1 [0029.260] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.260] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.260] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.260] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x340b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x340b, lpOverlapped=0x0) returned 1 [0029.262] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.262] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x340b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x340b, lpOverlapped=0x0) returned 1 [0029.262] CloseHandle (hObject=0x54) returned 1 [0029.262] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.262] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg.adv")) returned 1 [0029.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.263] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538925d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538925d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19a4, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AAj0doQ[1].jpg", cAlternateFileName="AAJ0DO~1.JPG")) returned 1 [0029.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.263] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19a4, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x19a4, lpOverlapped=0x0) returned 1 [0029.265] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.265] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19a4, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x19a4, lpOverlapped=0x0) returned 1 [0029.265] CloseHandle (hObject=0x54) returned 1 [0029.265] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.265] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg.adv")) returned 1 [0029.266] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.266] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.266] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5159c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x35c, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AAkqhIf[1].png", cAlternateFileName="AAKQHI~1.PNG")) returned 1 [0029.266] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.266] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.266] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.266] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x35c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x35c, lpOverlapped=0x0) returned 1 [0029.268] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.268] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x35c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x35c, lpOverlapped=0x0) returned 1 [0029.269] CloseHandle (hObject=0x54) returned 1 [0029.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.269] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png.adv")) returned 1 [0029.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.269] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x278e, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AAmo09p[1].jpg", cAlternateFileName="AAMO09~1.JPG")) returned 1 [0029.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.270] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x278e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x278e, lpOverlapped=0x0) returned 1 [0029.271] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.271] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x278e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x278e, lpOverlapped=0x0) returned 1 [0029.272] CloseHandle (hObject=0x54) returned 1 [0029.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.272] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg.adv")) returned 1 [0029.272] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.272] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.273] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19a, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AAmUyV2[1].png", cAlternateFileName="AAMUYV~1.PNG")) returned 1 [0029.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.273] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.273] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x19a, lpOverlapped=0x0) returned 1 [0029.274] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.274] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x19a, lpOverlapped=0x0) returned 1 [0029.275] CloseHandle (hObject=0x54) returned 1 [0029.275] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.275] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png.adv")) returned 1 [0029.275] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.275] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.275] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x6c, cFileName="AAn7gKR[1].png", cAlternateFileName="AAN7GK~1.PNG")) returned 1 [0029.275] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.275] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.275] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.276] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xfe, lpOverlapped=0x0) returned 1 [0029.277] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.277] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xfe, lpOverlapped=0x0) returned 1 [0029.277] CloseHandle (hObject=0x54) returned 1 [0029.277] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.277] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png.adv")) returned 1 [0029.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.278] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61be2420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61be2420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61be2420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x650, dwReserved0=0x0, dwReserved1=0x6c, cFileName="activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm", cAlternateFileName="ACTIVI~1.HTM")) returned 1 [0029.278] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.278] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.278] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1f4) returned 0x6f39c8 [0029.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.279] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x650, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x650, lpOverlapped=0x0) returned 1 [0029.280] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.280] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x650, lpOverlapped=0x0) returned 1 [0029.280] CloseHandle (hObject=0x54) returned 1 [0029.280] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x190) returned 0x6f3bc8 [0029.280] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm.adv")) returned 1 [0029.281] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3bc8 | out: hHeap=0x6d0000) returned 1 [0029.281] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.281] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2a0770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf2a0770, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2870, dwReserved0=0x0, dwReserved1=0x6c, cFileName="adfscript[1]", cAlternateFileName="ADFSCR~1")) returned 1 [0029.281] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.281] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.281] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.282] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2870, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2870, lpOverlapped=0x0) returned 1 [0029.283] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.283] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2870, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2870, lpOverlapped=0x0) returned 1 [0029.283] CloseHandle (hObject=0x54) returned 1 [0029.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.283] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1].adv")) returned 1 [0029.284] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.284] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.284] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf54e030, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xf1f, dwReserved0=0x0, dwReserved1=0x6c, cFileName="adfserve[1]", cAlternateFileName="ADFSER~1")) returned 1 [0029.284] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.284] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.284] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.285] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf1f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xf1f, lpOverlapped=0x0) returned 1 [0029.286] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.286] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf1f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xf1f, lpOverlapped=0x0) returned 1 [0029.287] CloseHandle (hObject=0x54) returned 1 [0029.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.287] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1].adv")) returned 1 [0029.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.290] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11835, dwReserved0=0x0, dwReserved1=0x6c, cFileName="ast[2].js", cAlternateFileName="AST_2_~1.JS")) returned 1 [0029.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.291] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11835, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x11835, lpOverlapped=0x0) returned 1 [0029.293] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.293] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11835, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x11835, lpOverlapped=0x0) returned 1 [0029.293] CloseHandle (hObject=0x54) returned 1 [0029.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.293] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js.adv")) returned 1 [0029.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.294] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53d7b330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53d7b330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53d7b330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x6c, cFileName="async_usersync[1]", cAlternateFileName="ASYNC_~1")) returned 1 [0029.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.294] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x543, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x543, lpOverlapped=0x0) returned 1 [0029.296] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.296] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x543, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x543, lpOverlapped=0x0) returned 1 [0029.296] CloseHandle (hObject=0x54) returned 1 [0029.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.296] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1].adv")) returned 1 [0029.297] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.297] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.297] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5108d3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5108d3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x86e6, dwReserved0=0x0, dwReserved1=0x6c, cFileName="b2fd15[1].eot", cAlternateFileName="B2FD15~1.EOT")) returned 1 [0029.297] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.297] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.297] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.298] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x86e6, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x86e6, lpOverlapped=0x0) returned 1 [0029.300] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.300] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x86e6, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x86e6, lpOverlapped=0x0) returned 1 [0029.300] CloseHandle (hObject=0x54) returned 1 [0029.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.300] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot.adv")) returned 1 [0029.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.301] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BB5zDwX[1].png", cAlternateFileName="BB5ZDW~1.PNG")) returned 1 [0029.301] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.301] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.301] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2c0, lpOverlapped=0x0) returned 1 [0029.302] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.303] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2c0, lpOverlapped=0x0) returned 1 [0029.303] CloseHandle (hObject=0x54) returned 1 [0029.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.303] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png.adv")) returned 1 [0029.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.303] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x227, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBaK3Nm[1].png", cAlternateFileName="BBAK3N~1.PNG")) returned 1 [0029.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.304] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x227, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x227, lpOverlapped=0x0) returned 1 [0029.305] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.305] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x227, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x227, lpOverlapped=0x0) returned 1 [0029.305] CloseHandle (hObject=0x54) returned 1 [0029.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.306] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png.adv")) returned 1 [0029.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.306] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53337450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2143, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBLcCz[1].jpg", cAlternateFileName="BBBLCC~1.JPG")) returned 1 [0029.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.307] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2143, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2143, lpOverlapped=0x0) returned 1 [0029.308] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.308] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2143, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2143, lpOverlapped=0x0) returned 1 [0029.308] CloseHandle (hObject=0x54) returned 1 [0029.308] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.308] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg.adv")) returned 1 [0029.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.309] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x912, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBLdzQ[1].jpg", cAlternateFileName="BBBLDZ~1.JPG")) returned 1 [0029.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.309] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x912, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x912, lpOverlapped=0x0) returned 1 [0029.311] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.311] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x912, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x912, lpOverlapped=0x0) returned 1 [0029.311] CloseHandle (hObject=0x54) returned 1 [0029.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.311] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg.adv")) returned 1 [0029.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.312] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6e8, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBO1mQ[1].jpg", cAlternateFileName="BBBO1M~1.JPG")) returned 1 [0029.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.312] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6e8, lpOverlapped=0x0) returned 1 [0029.314] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.314] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6e8, lpOverlapped=0x0) returned 1 [0029.314] CloseHandle (hObject=0x54) returned 1 [0029.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.314] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg.adv")) returned 1 [0029.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.317] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x537add90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x537add90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x537add90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36d2, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBO1qB[1].jpg", cAlternateFileName="BBBO1Q~1.JPG")) returned 1 [0029.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.317] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x36d2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x36d2, lpOverlapped=0x0) returned 1 [0029.319] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.319] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x36d2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x36d2, lpOverlapped=0x0) returned 1 [0029.319] CloseHandle (hObject=0x54) returned 1 [0029.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.320] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg.adv")) returned 1 [0029.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.320] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBOIAt[1].jpg", cAlternateFileName="BBBOIA~1.JPG")) returned 1 [0029.320] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.320] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.321] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x75e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x75e, lpOverlapped=0x0) returned 1 [0029.322] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.322] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x75e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x75e, lpOverlapped=0x0) returned 1 [0029.322] CloseHandle (hObject=0x54) returned 1 [0029.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.322] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg.adv")) returned 1 [0029.323] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.323] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.323] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6dc, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBOmuh[1].jpg", cAlternateFileName="BBBOMU~1.JPG")) returned 1 [0029.323] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.323] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.323] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.323] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6dc, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6dc, lpOverlapped=0x0) returned 1 [0029.325] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.325] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6dc, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6dc, lpOverlapped=0x0) returned 1 [0029.325] CloseHandle (hObject=0x54) returned 1 [0029.325] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.325] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg.adv")) returned 1 [0029.326] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.326] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.326] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53467f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53467f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9be, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBPK5J[1].jpg", cAlternateFileName="BBBPK5~1.JPG")) returned 1 [0029.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.326] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.326] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9be, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x9be, lpOverlapped=0x0) returned 1 [0029.328] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.328] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9be, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x9be, lpOverlapped=0x0) returned 1 [0029.328] CloseHandle (hObject=0x54) returned 1 [0029.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.328] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg.adv")) returned 1 [0029.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.329] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1694, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBPMvJ[1].jpg", cAlternateFileName="BBBPMV~1.JPG")) returned 1 [0029.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.330] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.331] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1694, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1694, lpOverlapped=0x0) returned 1 [0029.333] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.333] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1694, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1694, lpOverlapped=0x0) returned 1 [0029.333] CloseHandle (hObject=0x54) returned 1 [0029.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.333] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg.adv")) returned 1 [0029.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.333] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539e9230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539e9230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53a0f390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x85d, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBUL3E[1].jpg", cAlternateFileName="BBBUL3~1.JPG")) returned 1 [0029.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.334] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x85d, lpOverlapped=0x0) returned 1 [0029.335] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.335] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x85d, lpOverlapped=0x0) returned 1 [0029.336] CloseHandle (hObject=0x54) returned 1 [0029.336] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg.adv")) returned 1 [0029.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.336] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x878, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBUqkT[1].jpg", cAlternateFileName="BBBUQK~1.JPG")) returned 1 [0029.336] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.336] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.337] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x878, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x878, lpOverlapped=0x0) returned 1 [0029.338] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.338] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x878, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x878, lpOverlapped=0x0) returned 1 [0029.338] CloseHandle (hObject=0x54) returned 1 [0029.339] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.339] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg.adv")) returned 1 [0029.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.339] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f59090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f59090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f59090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x878, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBUqkT[2].jpg", cAlternateFileName="BBBUQK~2.JPG")) returned 1 [0029.339] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.339] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.340] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x878, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x878, lpOverlapped=0x0) returned 1 [0029.341] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.341] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x878, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x878, lpOverlapped=0x0) returned 1 [0029.341] CloseHandle (hObject=0x54) returned 1 [0029.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.341] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg.adv")) returned 1 [0029.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.342] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x77f, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBX3z0[1].jpg", cAlternateFileName="BBBX3Z~1.JPG")) returned 1 [0029.342] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.342] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.343] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x77f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x77f, lpOverlapped=0x0) returned 1 [0029.344] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.344] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x77f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x77f, lpOverlapped=0x0) returned 1 [0029.344] CloseHandle (hObject=0x54) returned 1 [0029.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.345] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg.adv")) returned 1 [0029.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.345] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22b3, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBYEW1[1].jpg", cAlternateFileName="BBBYEW~1.JPG")) returned 1 [0029.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.346] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x22b3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x22b3, lpOverlapped=0x0) returned 1 [0029.348] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.348] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x22b3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x22b3, lpOverlapped=0x0) returned 1 [0029.348] CloseHandle (hObject=0x54) returned 1 [0029.348] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.348] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg.adv")) returned 1 [0029.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.349] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ec0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19cf, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBYfEH[1].jpg", cAlternateFileName="BBBYFE~1.JPG")) returned 1 [0029.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.349] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19cf, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x19cf, lpOverlapped=0x0) returned 1 [0029.351] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.351] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19cf, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x19cf, lpOverlapped=0x0) returned 1 [0029.351] CloseHandle (hObject=0x54) returned 1 [0029.351] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.351] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg.adv")) returned 1 [0029.351] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.352] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5b2bd440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ca1, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBZ20W[1].jpg", cAlternateFileName="BBBZ20~1.JPG")) returned 1 [0029.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.353] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2ca1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2ca1, lpOverlapped=0x0) returned 1 [0029.354] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.354] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2ca1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2ca1, lpOverlapped=0x0) returned 1 [0029.354] CloseHandle (hObject=0x54) returned 1 [0029.354] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.355] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg.adv")) returned 1 [0029.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.355] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53950cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53950cb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539c30d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1f37, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBzaxY[1].jpg", cAlternateFileName="BBBZAX~1.JPG")) returned 1 [0029.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.355] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.356] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f37, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1f37, lpOverlapped=0x0) returned 1 [0029.357] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.357] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f37, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1f37, lpOverlapped=0x0) returned 1 [0029.357] CloseHandle (hObject=0x54) returned 1 [0029.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.357] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg.adv")) returned 1 [0029.358] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.358] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.358] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2131, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBBZzuz[1].jpg", cAlternateFileName="BBBZZU~1.JPG")) returned 1 [0029.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.358] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.358] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2131, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2131, lpOverlapped=0x0) returned 1 [0029.360] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.360] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2131, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2131, lpOverlapped=0x0) returned 1 [0029.360] CloseHandle (hObject=0x54) returned 1 [0029.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.360] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg.adv")) returned 1 [0029.361] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.361] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.361] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5530da90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x370a, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC03B1[1].jpg", cAlternateFileName="BBC03B~1.JPG")) returned 1 [0029.361] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.361] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.361] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.361] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x370a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x370a, lpOverlapped=0x0) returned 1 [0029.363] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.363] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x370a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x370a, lpOverlapped=0x0) returned 1 [0029.363] CloseHandle (hObject=0x54) returned 1 [0029.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.363] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg.adv")) returned 1 [0029.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.364] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51256470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22a0, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC04o2[1].jpg", cAlternateFileName="BBC04O~1.JPG")) returned 1 [0029.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.365] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x22a0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x22a0, lpOverlapped=0x0) returned 1 [0029.366] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.366] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x22a0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x22a0, lpOverlapped=0x0) returned 1 [0029.367] CloseHandle (hObject=0x54) returned 1 [0029.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.367] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg.adv")) returned 1 [0029.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.367] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53657130, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53657130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53657130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2036, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC06ZQ[1].jpg", cAlternateFileName="BBC06Z~1.JPG")) returned 1 [0029.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.368] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2036, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2036, lpOverlapped=0x0) returned 1 [0029.369] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.369] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2036, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2036, lpOverlapped=0x0) returned 1 [0029.369] CloseHandle (hObject=0x54) returned 1 [0029.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.370] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg.adv")) returned 1 [0029.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.370] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5b2bd440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13fd, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC0ALC[1].jpg", cAlternateFileName="BBC0AL~1.JPG")) returned 1 [0029.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.371] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13fd, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x13fd, lpOverlapped=0x0) returned 1 [0029.372] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.372] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13fd, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x13fd, lpOverlapped=0x0) returned 1 [0029.372] CloseHandle (hObject=0x54) returned 1 [0029.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.373] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg.adv")) returned 1 [0029.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.373] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x884, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC0BiZ[1].jpg", cAlternateFileName="BBC0BI~1.JPG")) returned 1 [0029.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.374] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x884, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x884, lpOverlapped=0x0) returned 1 [0029.375] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.375] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x884, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x884, lpOverlapped=0x0) returned 1 [0029.375] CloseHandle (hObject=0x54) returned 1 [0029.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.376] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg.adv")) returned 1 [0029.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.376] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f0cdd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x34d8, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC0FXU[1].jpg", cAlternateFileName="BBC0FX~1.JPG")) returned 1 [0029.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.377] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x34d8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x34d8, lpOverlapped=0x0) returned 1 [0029.378] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.378] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x34d8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x34d8, lpOverlapped=0x0) returned 1 [0029.378] CloseHandle (hObject=0x54) returned 1 [0029.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.379] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg.adv")) returned 1 [0029.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.379] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61282d80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2fd1, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC0FXU[2].jpg", cAlternateFileName="BBC0FX~2.JPG")) returned 1 [0029.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.380] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fd1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2fd1, lpOverlapped=0x0) returned 1 [0029.382] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.383] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fd1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2fd1, lpOverlapped=0x0) returned 1 [0029.383] CloseHandle (hObject=0x54) returned 1 [0029.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.383] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg.adv")) returned 1 [0029.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.383] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c3, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC0mkg[1].jpg", cAlternateFileName="BBC0MK~1.JPG")) returned 1 [0029.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.384] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29c3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x29c3, lpOverlapped=0x0) returned 1 [0029.386] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.386] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29c3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x29c3, lpOverlapped=0x0) returned 1 [0029.386] CloseHandle (hObject=0x54) returned 1 [0029.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.386] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg.adv")) returned 1 [0029.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.387] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e9a9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e9a9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e9a9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7b, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC0mkg[2].jpg", cAlternateFileName="BBC0MK~2.JPG")) returned 1 [0029.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.387] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa7b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xa7b, lpOverlapped=0x0) returned 1 [0029.389] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.389] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa7b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xa7b, lpOverlapped=0x0) returned 1 [0029.389] CloseHandle (hObject=0x54) returned 1 [0029.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.389] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg.adv")) returned 1 [0029.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.390] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5127c5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5127c5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5127c5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17af, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC0oQi[1].jpg", cAlternateFileName="BBC0OQ~1.JPG")) returned 1 [0029.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.390] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17af, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x17af, lpOverlapped=0x0) returned 1 [0029.392] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.392] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17af, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x17af, lpOverlapped=0x0) returned 1 [0029.392] CloseHandle (hObject=0x54) returned 1 [0029.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.392] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg.adv")) returned 1 [0029.392] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fa5350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf3, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBC0tCi[1].jpg", cAlternateFileName="BBC0TC~1.JPG")) returned 1 [0029.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.392] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.393] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaf3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xaf3, lpOverlapped=0x0) returned 1 [0029.394] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.394] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaf3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xaf3, lpOverlapped=0x0) returned 1 [0029.395] CloseHandle (hObject=0x54) returned 1 [0029.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.395] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg.adv")) returned 1 [0029.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.395] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459f9950, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x350a, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBCM2U2[1].jpg", cAlternateFileName="BBCM2U~1.JPG")) returned 1 [0029.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.396] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x350a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x350a, lpOverlapped=0x0) returned 1 [0029.397] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.397] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x350a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x350a, lpOverlapped=0x0) returned 1 [0029.398] CloseHandle (hObject=0x54) returned 1 [0029.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.398] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg.adv")) returned 1 [0029.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.398] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4593b270, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x68c, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBDGTbx[1].jpg", cAlternateFileName="BBDGTB~1.JPG")) returned 1 [0029.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.399] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x68c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x68c, lpOverlapped=0x0) returned 1 [0029.400] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.400] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x68c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x68c, lpOverlapped=0x0) returned 1 [0029.400] CloseHandle (hObject=0x54) returned 1 [0029.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.401] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg.adv")) returned 1 [0029.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.401] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x284, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBDk44m[1].png", cAlternateFileName="BBDK44~1.PNG")) returned 1 [0029.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.402] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x284, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x284, lpOverlapped=0x0) returned 1 [0029.403] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.403] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x284, lpOverlapped=0x0) returned 1 [0029.403] CloseHandle (hObject=0x54) returned 1 [0029.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.403] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png.adv")) returned 1 [0029.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.404] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a6bd70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2d04, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBDWXoC[1].jpg", cAlternateFileName="BBDWXO~1.JPG")) returned 1 [0029.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.404] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.404] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d04, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2d04, lpOverlapped=0x0) returned 1 [0029.406] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.406] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d04, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2d04, lpOverlapped=0x0) returned 1 [0029.407] CloseHandle (hObject=0x54) returned 1 [0029.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.407] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg.adv")) returned 1 [0029.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.407] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x863, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBE3NcH[1].jpg", cAlternateFileName="BBE3NC~1.JPG")) returned 1 [0029.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.408] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x863, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x863, lpOverlapped=0x0) returned 1 [0029.409] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.409] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x863, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x863, lpOverlapped=0x0) returned 1 [0029.409] CloseHandle (hObject=0x54) returned 1 [0029.409] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.409] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg.adv")) returned 1 [0029.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.410] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b5, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBE7GLE[1].png", cAlternateFileName="BBE7GL~1.PNG")) returned 1 [0029.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.410] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2b5, lpOverlapped=0x0) returned 1 [0029.412] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.412] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2b5, lpOverlapped=0x0) returned 1 [0029.412] CloseHandle (hObject=0x54) returned 1 [0029.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.412] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png.adv")) returned 1 [0029.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.413] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ade190, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ade190, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c9b, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBE8aLO[1].jpg", cAlternateFileName="BBE8AL~1.JPG")) returned 1 [0029.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.413] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c9b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c9b, lpOverlapped=0x0) returned 1 [0029.415] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.415] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c9b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c9b, lpOverlapped=0x0) returned 1 [0029.415] CloseHandle (hObject=0x54) returned 1 [0029.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.416] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg.adv")) returned 1 [0029.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.416] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x702, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEd5bF[1].jpg", cAlternateFileName="BBED5B~1.JPG")) returned 1 [0029.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.417] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x702, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x702, lpOverlapped=0x0) returned 1 [0029.418] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.418] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x702, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x702, lpOverlapped=0x0) returned 1 [0029.418] CloseHandle (hObject=0x54) returned 1 [0029.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.418] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg.adv")) returned 1 [0029.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.419] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50ebbff0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xaca8, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEdDNm[1].jpg", cAlternateFileName="BBEDDN~1.JPG")) returned 1 [0029.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.420] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaca8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xaca8, lpOverlapped=0x0) returned 1 [0029.422] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.422] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaca8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xaca8, lpOverlapped=0x0) returned 1 [0029.422] CloseHandle (hObject=0x54) returned 1 [0029.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.422] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg.adv")) returned 1 [0029.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.425] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x755, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEdpyr[1].jpg", cAlternateFileName="BBEDPY~1.JPG")) returned 1 [0029.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.426] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x755, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x755, lpOverlapped=0x0) returned 1 [0029.427] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.427] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x755, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x755, lpOverlapped=0x0) returned 1 [0029.427] CloseHandle (hObject=0x54) returned 1 [0029.427] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.427] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg.adv")) returned 1 [0029.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.428] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c72, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEdQdv[1].jpg", cAlternateFileName="BBEDQD~1.JPG")) returned 1 [0029.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.428] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c72, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c72, lpOverlapped=0x0) returned 1 [0029.430] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.430] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c72, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c72, lpOverlapped=0x0) returned 1 [0029.430] CloseHandle (hObject=0x54) returned 1 [0029.430] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.430] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg.adv")) returned 1 [0029.431] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.431] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.431] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xa23, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEe62t[1].jpg", cAlternateFileName="BBEE62~1.JPG")) returned 1 [0029.433] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.433] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.433] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.433] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa23, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xa23, lpOverlapped=0x0) returned 1 [0029.435] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.435] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa23, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xa23, lpOverlapped=0x0) returned 1 [0029.435] CloseHandle (hObject=0x54) returned 1 [0029.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.435] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg.adv")) returned 1 [0029.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.436] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1ca7, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEedPR[1].jpg", cAlternateFileName="BBEEDP~1.JPG")) returned 1 [0029.436] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.436] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.436] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.436] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1ca7, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1ca7, lpOverlapped=0x0) returned 1 [0029.438] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.438] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1ca7, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1ca7, lpOverlapped=0x0) returned 1 [0029.438] CloseHandle (hObject=0x54) returned 1 [0029.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.438] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg.adv")) returned 1 [0029.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.439] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe34d9d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe34d9d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe34d9d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x9ef, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEeTpB[1].jpg", cAlternateFileName="BBEETP~1.JPG")) returned 1 [0029.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.439] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9ef, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x9ef, lpOverlapped=0x0) returned 1 [0029.441] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.441] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9ef, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x9ef, lpOverlapped=0x0) returned 1 [0029.441] CloseHandle (hObject=0x54) returned 1 [0029.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.441] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg.adv")) returned 1 [0029.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.442] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x952, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEeTuf[1].jpg", cAlternateFileName="BBEETU~1.JPG")) returned 1 [0029.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.442] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x952, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x952, lpOverlapped=0x0) returned 1 [0029.444] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.444] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x952, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x952, lpOverlapped=0x0) returned 1 [0029.444] CloseHandle (hObject=0x54) returned 1 [0029.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.444] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg.adv")) returned 1 [0029.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.445] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b76710, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7a9, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEeU5U[1].jpg", cAlternateFileName="BBEEU5~1.JPG")) returned 1 [0029.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.445] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7a9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7a9, lpOverlapped=0x0) returned 1 [0029.447] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.447] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7a9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7a9, lpOverlapped=0x0) returned 1 [0029.448] CloseHandle (hObject=0x54) returned 1 [0029.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.448] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg.adv")) returned 1 [0029.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.448] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x86f, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEf306[1].jpg", cAlternateFileName="BBEF30~1.JPG")) returned 1 [0029.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.449] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x86f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x86f, lpOverlapped=0x0) returned 1 [0029.450] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.450] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x86f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x86f, lpOverlapped=0x0) returned 1 [0029.450] CloseHandle (hObject=0x54) returned 1 [0029.450] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.451] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg.adv")) returned 1 [0029.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.451] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459613d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x828, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEf54R[1].jpg", cAlternateFileName="BBEF54~1.JPG")) returned 1 [0029.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.452] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x828, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x828, lpOverlapped=0x0) returned 1 [0029.454] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.454] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x828, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x828, lpOverlapped=0x0) returned 1 [0029.455] CloseHandle (hObject=0x54) returned 1 [0029.455] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.455] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg.adv")) returned 1 [0029.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.455] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4587cb90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3860, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEfBbH[1].jpg", cAlternateFileName="BBEFBB~1.JPG")) returned 1 [0029.455] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.455] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.456] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3860, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3860, lpOverlapped=0x0) returned 1 [0029.458] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.458] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3860, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3860, lpOverlapped=0x0) returned 1 [0029.458] CloseHandle (hObject=0x54) returned 1 [0029.458] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.458] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg.adv")) returned 1 [0029.459] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.459] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.459] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457be4b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19a5, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEfBq0[1].jpg", cAlternateFileName="BBEFBQ~1.JPG")) returned 1 [0029.459] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.459] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.459] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.459] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19a5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x19a5, lpOverlapped=0x0) returned 1 [0029.461] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.461] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19a5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x19a5, lpOverlapped=0x0) returned 1 [0029.461] CloseHandle (hObject=0x54) returned 1 [0029.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.461] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg.adv")) returned 1 [0029.462] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.462] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.462] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2619, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEfBrz[1].jpg", cAlternateFileName="BBEFBR~1.JPG")) returned 1 [0029.462] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.462] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.462] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.462] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2619, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2619, lpOverlapped=0x0) returned 1 [0029.475] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.475] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2619, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2619, lpOverlapped=0x0) returned 1 [0029.475] CloseHandle (hObject=0x54) returned 1 [0029.475] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.475] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg.adv")) returned 1 [0029.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.476] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b76710, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1f84, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEfXl6[1].jpg", cAlternateFileName="BBEFXL~1.JPG")) returned 1 [0029.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.477] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f84, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1f84, lpOverlapped=0x0) returned 1 [0029.478] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.478] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f84, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1f84, lpOverlapped=0x0) returned 1 [0029.478] CloseHandle (hObject=0x54) returned 1 [0029.478] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.478] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg.adv")) returned 1 [0029.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.479] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbded7090, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbded7090, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbded7090, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1c7e, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEgEH3[1].jpg", cAlternateFileName="BBEGEH~1.JPG")) returned 1 [0029.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.480] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c7e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c7e, lpOverlapped=0x0) returned 1 [0029.481] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.481] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c7e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c7e, lpOverlapped=0x0) returned 1 [0029.481] CloseHandle (hObject=0x54) returned 1 [0029.481] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.481] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg.adv")) returned 1 [0029.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.482] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8f9, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEgsz3[1].jpg", cAlternateFileName="BBEGSZ~1.JPG")) returned 1 [0029.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.482] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8f9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x8f9, lpOverlapped=0x0) returned 1 [0029.484] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.484] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8f9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x8f9, lpOverlapped=0x0) returned 1 [0029.484] CloseHandle (hObject=0x54) returned 1 [0029.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.484] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg.adv")) returned 1 [0029.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.485] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4574c090, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x9b7, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBEgTxB[1].jpg", cAlternateFileName="BBEGTX~1.JPG")) returned 1 [0029.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.485] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9b7, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x9b7, lpOverlapped=0x0) returned 1 [0029.487] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.487] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9b7, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x9b7, lpOverlapped=0x0) returned 1 [0029.487] CloseHandle (hObject=0x54) returned 1 [0029.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.487] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg.adv")) returned 1 [0029.488] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.488] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.488] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x36e, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBo1lFJ[2].png", cAlternateFileName="BBO1LF~2.PNG")) returned 1 [0029.488] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.488] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.488] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.488] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x36e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x36e, lpOverlapped=0x0) returned 1 [0029.490] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.490] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x36e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x36e, lpOverlapped=0x0) returned 1 [0029.490] CloseHandle (hObject=0x54) returned 1 [0029.490] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.490] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png.adv")) returned 1 [0029.491] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.491] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.491] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x455f5430, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x455f5430, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x455f5430, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23f, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBs47TE[1].png", cAlternateFileName="BBS47T~1.PNG")) returned 1 [0029.491] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.491] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.491] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.491] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.491] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x23f, lpOverlapped=0x0) returned 1 [0029.493] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.493] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x23f, lpOverlapped=0x0) returned 1 [0029.493] CloseHandle (hObject=0x54) returned 1 [0029.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.493] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png.adv")) returned 1 [0029.494] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.494] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.494] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2cb0, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BBu9sWQ[1].jpg", cAlternateFileName="BBU9SW~1.JPG")) returned 1 [0029.494] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.494] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.494] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.494] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2cb0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2cb0, lpOverlapped=0x0) returned 1 [0029.496] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.496] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2cb0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2cb0, lpOverlapped=0x0) returned 1 [0029.496] CloseHandle (hObject=0x54) returned 1 [0029.496] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.496] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg.adv")) returned 1 [0029.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.497] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x228c, dwReserved0=0x0, dwReserved1=0x6c, cFileName="BByazif[2].jpg", cAlternateFileName="BBYAZI~2.JPG")) returned 1 [0029.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.497] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x228c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x228c, lpOverlapped=0x0) returned 1 [0029.499] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.499] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x228c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x228c, lpOverlapped=0x0) returned 1 [0029.499] CloseHandle (hObject=0x54) returned 1 [0029.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.500] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg.adv")) returned 1 [0029.500] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.500] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.500] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b51310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b51310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b51310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf13, dwReserved0=0x0, dwReserved1=0x6c, cFileName="bs-components[1].css", cAlternateFileName="BS-COM~1.CSS")) returned 1 [0029.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.500] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.501] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaf13, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xaf13, lpOverlapped=0x0) returned 1 [0029.503] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.503] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaf13, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xaf13, lpOverlapped=0x0) returned 1 [0029.503] CloseHandle (hObject=0x54) returned 1 [0029.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.503] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css.adv")) returned 1 [0029.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.504] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30be, dwReserved0=0x0, dwReserved1=0x6c, cFileName="bs-util[1].css", cAlternateFileName="BS-UTI~1.CSS")) returned 1 [0029.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.504] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x30be, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x30be, lpOverlapped=0x0) returned 1 [0029.506] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.506] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x30be, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x30be, lpOverlapped=0x0) returned 1 [0029.506] CloseHandle (hObject=0x54) returned 1 [0029.506] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.506] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css.adv")) returned 1 [0029.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.507] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd97bf10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbd97bf10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbd9a2070, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x254f1, dwReserved0=0x0, dwReserved1=0x6c, cFileName="c7-bdbd0d-91cdfbc1[1].txt", cAlternateFileName="C7-BDB~1.TXT")) returned 1 [0029.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.507] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x254f1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x254f1, lpOverlapped=0x0) returned 1 [0029.510] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.510] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x254f1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x254f1, lpOverlapped=0x0) returned 1 [0029.511] CloseHandle (hObject=0x54) returned 1 [0029.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.511] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt.adv")) returned 1 [0029.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.511] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x614e4380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x614e4380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x614e4380, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x211dd, dwReserved0=0x0, dwReserved1=0x6c, cFileName="cb=gapi[1].loaded_0", cAlternateFileName="CB_GAP~1.LOA")) returned 1 [0029.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.512] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x211dd, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x211dd, lpOverlapped=0x0) returned 1 [0029.515] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.515] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x211dd, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x211dd, lpOverlapped=0x0) returned 1 [0029.515] CloseHandle (hObject=0x54) returned 1 [0029.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.515] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0.adv")) returned 1 [0029.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.516] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63c04d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c04d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63c04d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x653e, dwReserved0=0x0, dwReserved1=0x6c, cFileName="cb=gapi[2].loaded_0", cAlternateFileName="CB_GAP~2.LOA")) returned 1 [0029.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.517] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x653e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x653e, lpOverlapped=0x0) returned 1 [0029.519] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.519] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x653e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x653e, lpOverlapped=0x0) returned 1 [0029.519] CloseHandle (hObject=0x54) returned 1 [0029.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.519] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0.adv")) returned 1 [0029.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.520] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x584c4b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x584c4b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x58510e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a03f, dwReserved0=0x0, dwReserved1=0x6c, cFileName="chrome.min[1].css", cAlternateFileName="CHROME~1.CSS")) returned 1 [0029.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.520] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a03f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2a03f, lpOverlapped=0x0) returned 1 [0029.523] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.523] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a03f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2a03f, lpOverlapped=0x0) returned 1 [0029.524] CloseHandle (hObject=0x54) returned 1 [0029.524] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.524] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css.adv")) returned 1 [0029.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.525] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c69520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60c69520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60c69520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x60c, dwReserved0=0x0, dwReserved1=0x6c, cFileName="chrome_throbber_fast_16[1].gif", cAlternateFileName="CHROME~1.GIF")) returned 1 [0029.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.525] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x60c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x60c, lpOverlapped=0x0) returned 1 [0029.526] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.527] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x60c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x60c, lpOverlapped=0x0) returned 1 [0029.527] CloseHandle (hObject=0x54) returned 1 [0029.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f39c8 [0029.527] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif.adv")) returned 1 [0029.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.527] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55333bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x55333bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55333bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b, dwReserved0=0x0, dwReserved1=0x6c, cFileName="collect[1].gif", cAlternateFileName="COLLEC~1.GIF")) returned 1 [0029.528] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.528] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.528] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.528] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2b, lpOverlapped=0x0) returned 1 [0029.530] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.530] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2b, lpOverlapped=0x0) returned 1 [0029.530] CloseHandle (hObject=0x54) returned 1 [0029.530] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.530] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif.adv")) returned 1 [0029.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.531] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe8f4e10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe8f4e10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe8f4e10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7b1, dwReserved0=0x0, dwReserved1=0x6c, cFileName="ContainerTag[1].js", cAlternateFileName="CONTAI~1.JS")) returned 1 [0029.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.531] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7b1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7b1, lpOverlapped=0x0) returned 1 [0029.535] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.535] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7b1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7b1, lpOverlapped=0x0) returned 1 [0029.535] CloseHandle (hObject=0x54) returned 1 [0029.535] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.535] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js.adv")) returned 1 [0029.535] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.535] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.535] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x6c, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0029.535] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.535] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.535] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.536] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x43, lpOverlapped=0x0) returned 1 [0029.537] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.537] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x43, lpOverlapped=0x0) returned 1 [0029.537] CloseHandle (hObject=0x54) returned 1 [0029.537] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.537] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini.adv")) returned 1 [0029.538] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.538] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.538] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60d9a020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60d9a020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60de62e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48ba, dwReserved0=0x0, dwReserved1=0x6c, cFileName="eula-mac[1].jpg", cAlternateFileName="EULA-M~1.JPG")) returned 1 [0029.538] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.538] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.538] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.538] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x48ba, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x48ba, lpOverlapped=0x0) returned 1 [0029.541] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.541] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x48ba, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x48ba, lpOverlapped=0x0) returned 1 [0029.541] CloseHandle (hObject=0x54) returned 1 [0029.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.541] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg.adv")) returned 1 [0029.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.542] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61093ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61093ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61093ba0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa84a, dwReserved0=0x0, dwReserved1=0x6c, cFileName="ga[1].js", cAlternateFileName="GA_1_~1.JS")) returned 1 [0029.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.543] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa84a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xa84a, lpOverlapped=0x0) returned 1 [0029.545] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.545] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa84a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xa84a, lpOverlapped=0x0) returned 1 [0029.545] CloseHandle (hObject=0x54) returned 1 [0029.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.545] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js.adv")) returned 1 [0029.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.546] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe15e7f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe15e7f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe1f6d70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1305, dwReserved0=0x0, dwReserved1=0x6c, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]", cAlternateFileName="GETYPE~1")) returned 1 [0029.546] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.546] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.546] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f39c8 [0029.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.547] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1305, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1305, lpOverlapped=0x0) returned 1 [0029.548] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.548] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1305, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1305, lpOverlapped=0x0) returned 1 [0029.548] CloseHandle (hObject=0x54) returned 1 [0029.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f3be0 [0029.549] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1].adv")) returned 0 [0029.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3be0 | out: hHeap=0x6d0000) returned 1 [0029.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.549] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x659c6020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x659c6020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65c99a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6c, dwReserved0=0x0, dwReserved1=0x6c, cFileName="GoogleInstaller_de[1].application", cAlternateFileName="GOOGLE~1.APP")) returned 1 [0029.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.549] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe6c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xe6c, lpOverlapped=0x0) returned 1 [0029.551] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.551] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe6c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xe6c, lpOverlapped=0x0) returned 1 [0029.551] CloseHandle (hObject=0x54) returned 1 [0029.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f39c8 [0029.551] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application.adv")) returned 1 [0029.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.552] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf03f170, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf03f170, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf0652d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x4c9, dwReserved0=0x0, dwReserved1=0x6c, cFileName="js[1]", cAlternateFileName="JS_1_~1")) returned 1 [0029.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.553] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4c9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4c9, lpOverlapped=0x0) returned 1 [0029.557] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.557] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4c9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4c9, lpOverlapped=0x0) returned 1 [0029.558] CloseHandle (hObject=0x54) returned 1 [0029.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.558] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1].adv")) returned 1 [0029.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.558] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2544b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2544b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf2544b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x562, dwReserved0=0x0, dwReserved1=0x6c, cFileName="js[2]", cAlternateFileName="JS_2_~1")) returned 1 [0029.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.559] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x562, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x562, lpOverlapped=0x0) returned 1 [0029.568] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.568] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x562, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x562, lpOverlapped=0x0) returned 1 [0029.568] CloseHandle (hObject=0x54) returned 1 [0029.568] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.568] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2].adv")) returned 1 [0029.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.569] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54feddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54feddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x550601d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7a43, dwReserved0=0x0, dwReserved1=0x6c, cFileName="latest[1].eot", cAlternateFileName="LATEST~1.EOT")) returned 1 [0029.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.569] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7a43, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7a43, lpOverlapped=0x0) returned 1 [0029.571] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.571] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7a43, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7a43, lpOverlapped=0x0) returned 1 [0029.571] CloseHandle (hObject=0x54) returned 1 [0029.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.571] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot.adv")) returned 1 [0029.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.572] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54cce0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54cce0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54d1a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a114, dwReserved0=0x0, dwReserved1=0x6c, cFileName="MemMDL2.2.17[1].eot", cAlternateFileName="MEMMDL~1.EOT")) returned 1 [0029.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.572] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a114, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1a114, lpOverlapped=0x0) returned 1 [0029.575] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.575] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a114, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1a114, lpOverlapped=0x0) returned 1 [0029.575] CloseHandle (hObject=0x54) returned 1 [0029.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.575] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot.adv")) returned 1 [0029.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.576] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605b7740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605b7740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605b7740, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46c9, dwReserved0=0x0, dwReserved1=0x6c, cFileName="modernizr[1].js", cAlternateFileName="MODERN~1.JS")) returned 1 [0029.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.577] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x46c9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x46c9, lpOverlapped=0x0) returned 1 [0029.579] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.579] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x46c9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x46c9, lpOverlapped=0x0) returned 1 [0029.579] CloseHandle (hObject=0x54) returned 1 [0029.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.579] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js.adv")) returned 1 [0029.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.580] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xec5, dwReserved0=0x0, dwReserved1=0x6c, cFileName="MSNIdSync[1].js", cAlternateFileName="MSNIDS~1.JS")) returned 1 [0029.580] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.580] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.580] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.581] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xec5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xec5, lpOverlapped=0x0) returned 1 [0029.582] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.582] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xec5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xec5, lpOverlapped=0x0) returned 1 [0029.582] CloseHandle (hObject=0x54) returned 1 [0029.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.583] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js.adv")) returned 1 [0029.583] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.583] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.583] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfbb3b50, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfbb3b50, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfbb3b50, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x6c, cFileName="only[1].htm", cAlternateFileName="ONLY_1~1.HTM")) returned 1 [0029.583] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.583] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.583] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\only[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.584] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.584] CloseHandle (hObject=0x54) returned 1 [0029.584] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.584] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\only[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\only[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\only[1].htm.adv")) returned 1 [0029.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.584] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x6b6d, dwReserved0=0x0, dwReserved1=0x6c, cFileName="player[1].js", cAlternateFileName="PLAYER~1.JS")) returned 1 [0029.584] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.584] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.585] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6b6d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6b6d, lpOverlapped=0x0) returned 1 [0029.588] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.588] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6b6d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6b6d, lpOverlapped=0x0) returned 1 [0029.588] CloseHandle (hObject=0x54) returned 1 [0029.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.588] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js.adv")) returned 1 [0029.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.589] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x5f44, dwReserved0=0x0, dwReserved1=0x6c, cFileName="player[2].js", cAlternateFileName="PLAYER~2.JS")) returned 1 [0029.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.589] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5f44, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x5f44, lpOverlapped=0x0) returned 1 [0029.591] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.591] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5f44, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x5f44, lpOverlapped=0x0) returned 1 [0029.591] CloseHandle (hObject=0x54) returned 1 [0029.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.593] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js.adv")) returned 1 [0029.594] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.594] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.594] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfb41730, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfb41730, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfb41730, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x67, dwReserved0=0x0, dwReserved1=0x6c, cFileName="tecjslog[1].png", cAlternateFileName="TECJSL~1.PNG")) returned 1 [0029.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.594] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.594] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x67, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x67, lpOverlapped=0x0) returned 1 [0029.596] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.596] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x67, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x67, lpOverlapped=0x0) returned 1 [0029.596] CloseHandle (hObject=0x54) returned 1 [0029.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.597] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png.adv")) returned 1 [0029.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.597] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x692027e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x692027e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69232580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x805a, dwReserved0=0x0, dwReserved1=0x6c, cFileName="thankyou[1].htm", cAlternateFileName="THANKY~1.HTM")) returned 1 [0029.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.598] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x805a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x805a, lpOverlapped=0x0) returned 1 [0029.600] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.600] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x805a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x805a, lpOverlapped=0x0) returned 1 [0029.600] CloseHandle (hObject=0x54) returned 1 [0029.600] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.600] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm.adv")) returned 1 [0029.601] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.601] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.601] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55c14b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x55c14b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55c14b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x911, dwReserved0=0x0, dwReserved1=0x6c, cFileName="th[1].jpg", cAlternateFileName="TH_1_~1.JPG")) returned 1 [0029.601] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.601] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.601] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.602] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x911, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x911, lpOverlapped=0x0) returned 1 [0029.603] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.603] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x911, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x911, lpOverlapped=0x0) returned 1 [0029.603] CloseHandle (hObject=0x54) returned 1 [0029.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.603] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg.adv")) returned 1 [0029.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.604] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55c14b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x55c14b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55c14b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x911, dwReserved0=0x0, dwReserved1=0x6c, cFileName="th[1].jpg", cAlternateFileName="TH_1_~1.JPG")) returned 0 [0029.604] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0029.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3718 | out: hHeap=0x6d0000) returned 1 [0029.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34f0 | out: hHeap=0x6d0000) returned 1 [0029.604] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x54000, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="index.dat", cAlternateFileName="")) returned 1 [0029.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32d8 [0029.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f34f0 [0029.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0029.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0029.605] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x54000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x54000, lpOverlapped=0x0) returned 1 [0029.609] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.609] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x54000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x54000, lpOverlapped=0x0) returned 1 [0029.610] CloseHandle (hObject=0x50) returned 1 [0029.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f3630 [0029.610] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat.adv")) returned 1 [0029.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34f0 | out: hHeap=0x6d0000) returned 1 [0029.611] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="YG1R61Z8", cAlternateFileName="")) returned 1 [0029.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32d8 [0029.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f34f0 [0029.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0029.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3718 [0029.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.611] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x6d, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0029.614] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x6d, cFileName="..", cAlternateFileName="")) returned 1 [0029.617] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe967230, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe967230, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7f7e, dwReserved0=0x0, dwReserved1=0x6d, cFileName="0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg", cAlternateFileName="0FF929~1.JPG")) returned 1 [0029.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.617] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.618] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7f7e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7f7e, lpOverlapped=0x0) returned 1 [0029.620] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.620] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7f7e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7f7e, lpOverlapped=0x0) returned 1 [0029.620] CloseHandle (hObject=0x54) returned 1 [0029.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f39c8 [0029.620] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg.adv")) returned 1 [0029.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.621] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54a20810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54a20810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54a46970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc05f, dwReserved0=0x0, dwReserved1=0x6d, cFileName="26158[1].png", cAlternateFileName="26158_~1.PNG")) returned 1 [0029.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.622] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc05f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xc05f, lpOverlapped=0x0) returned 1 [0029.632] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.632] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc05f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xc05f, lpOverlapped=0x0) returned 1 [0029.632] CloseHandle (hObject=0x54) returned 1 [0029.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.632] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png.adv")) returned 1 [0029.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.633] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458eefb0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x6d, cFileName="AA42x3V[1].png", cAlternateFileName="AA42X3~1.PNG")) returned 1 [0029.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.633] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3e3, lpOverlapped=0x0) returned 1 [0029.635] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.635] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3e3, lpOverlapped=0x0) returned 1 [0029.635] CloseHandle (hObject=0x54) returned 1 [0029.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.635] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png.adv")) returned 1 [0029.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.635] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5341bc90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5341bc90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5341bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d0, dwReserved0=0x0, dwReserved1=0x6d, cFileName="AA58NQj[1].png", cAlternateFileName="AA58NQ~1.PNG")) returned 1 [0029.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.636] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.636] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1d0, lpOverlapped=0x0) returned 1 [0029.637] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.637] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1d0, lpOverlapped=0x0) returned 1 [0029.638] CloseHandle (hObject=0x54) returned 1 [0029.638] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.638] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png.adv")) returned 1 [0029.638] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.638] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.638] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c4, dwReserved0=0x0, dwReserved1=0x6d, cFileName="AA61Ofl[1].png", cAlternateFileName="AA61OF~1.PNG")) returned 1 [0029.638] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.638] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.638] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.639] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c4, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1c4, lpOverlapped=0x0) returned 1 [0029.643] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.643] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c4, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1c4, lpOverlapped=0x0) returned 1 [0029.643] CloseHandle (hObject=0x54) returned 1 [0029.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.643] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png.adv")) returned 1 [0029.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.644] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2ed, dwReserved0=0x0, dwReserved1=0x6d, cFileName="AA6SFRQ[2].png", cAlternateFileName="AA6SFR~2.PNG")) returned 1 [0029.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.644] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2ed, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2ed, lpOverlapped=0x0) returned 1 [0029.646] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.646] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2ed, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2ed, lpOverlapped=0x0) returned 1 [0029.646] CloseHandle (hObject=0x54) returned 1 [0029.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.646] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png.adv")) returned 1 [0029.647] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.647] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.647] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4580a770, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4580a770, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4580a770, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19e, dwReserved0=0x0, dwReserved1=0x6d, cFileName="AAa1vhm[1].png", cAlternateFileName="AAA1VH~1.PNG")) returned 1 [0029.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.647] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.647] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x19e, lpOverlapped=0x0) returned 1 [0029.649] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.649] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x19e, lpOverlapped=0x0) returned 1 [0029.649] CloseHandle (hObject=0x54) returned 1 [0029.649] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png.adv")) returned 1 [0029.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.649] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53846310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1, dwReserved0=0x0, dwReserved1=0x6d, cFileName="AAa1xJF[1].png", cAlternateFileName="AAA1XJ~1.PNG")) returned 1 [0029.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.650] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2c1, lpOverlapped=0x0) returned 1 [0029.651] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.651] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2c1, lpOverlapped=0x0) returned 1 [0029.651] CloseHandle (hObject=0x54) returned 1 [0029.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.651] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png.adv")) returned 1 [0029.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.652] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5159c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7b8, dwReserved0=0x0, dwReserved1=0x6d, cFileName="AAlG41q[1].jpg", cAlternateFileName="AALG41~1.JPG")) returned 1 [0029.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.653] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7b8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7b8, lpOverlapped=0x0) returned 1 [0029.654] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.654] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7b8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7b8, lpOverlapped=0x0) returned 1 [0029.654] CloseHandle (hObject=0x54) returned 1 [0029.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.654] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg.adv")) returned 1 [0029.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.655] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x157, dwReserved0=0x0, dwReserved1=0x6d, cFileName="AAmin0Z[1].png", cAlternateFileName="AAMIN0~1.PNG")) returned 1 [0029.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.655] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x157, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x157, lpOverlapped=0x0) returned 1 [0029.657] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.657] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x157, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x157, lpOverlapped=0x0) returned 1 [0029.657] CloseHandle (hObject=0x54) returned 1 [0029.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.657] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png.adv")) returned 1 [0029.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.658] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533f5b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533f5b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5341bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b1, dwReserved0=0x0, dwReserved1=0x6d, cFileName="AAnhRyj[1].jpg", cAlternateFileName="AANHRY~1.JPG")) returned 1 [0029.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.659] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x36b1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x36b1, lpOverlapped=0x0) returned 1 [0029.660] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.660] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x36b1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x36b1, lpOverlapped=0x0) returned 1 [0029.660] CloseHandle (hObject=0x54) returned 1 [0029.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.661] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg.adv")) returned 1 [0029.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.661] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c161a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64c161a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64e9d900, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x39f, dwReserved0=0x0, dwReserved1=0x6d, cFileName="activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm", cAlternateFileName="ACTIVI~1.HTM")) returned 1 [0029.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1f4) returned 0x6f39c8 [0029.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.662] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x39f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x39f, lpOverlapped=0x0) returned 1 [0029.664] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.664] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x39f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x39f, lpOverlapped=0x0) returned 1 [0029.664] CloseHandle (hObject=0x54) returned 1 [0029.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x180) returned 0x6f3bc8 [0029.664] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm.adv")) returned 1 [0029.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3bc8 | out: hHeap=0x6d0000) returned 1 [0029.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.665] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2eca30, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2eca30, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x91dd, dwReserved0=0x0, dwReserved1=0x6d, cFileName="adex[1].js", cAlternateFileName="ADEX_1~1.JS")) returned 1 [0029.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.665] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91dd, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x91dd, lpOverlapped=0x0) returned 1 [0029.668] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.668] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91dd, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x91dd, lpOverlapped=0x0) returned 1 [0029.668] CloseHandle (hObject=0x54) returned 1 [0029.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.668] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js.adv")) returned 1 [0029.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.669] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x540e72d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540e72d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x540e72d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2874, dwReserved0=0x0, dwReserved1=0x6d, cFileName="adfscript[1]", cAlternateFileName="ADFSCR~1")) returned 1 [0029.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.669] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2874, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2874, lpOverlapped=0x0) returned 1 [0029.671] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.671] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2874, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2874, lpOverlapped=0x0) returned 1 [0029.671] CloseHandle (hObject=0x54) returned 1 [0029.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.671] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1].adv")) returned 1 [0029.671] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.671] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.671] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdb6b0f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdb6b0f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdb6b0f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x525b, dwReserved0=0x0, dwReserved1=0x6d, cFileName="adsWrapperMSNI[1].js", cAlternateFileName="ADSWRA~1.JS")) returned 1 [0029.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.672] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.672] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x525b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x525b, lpOverlapped=0x0) returned 1 [0029.674] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.674] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x525b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x525b, lpOverlapped=0x0) returned 1 [0029.674] CloseHandle (hObject=0x54) returned 1 [0029.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.674] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js.adv")) returned 1 [0029.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.675] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe967230, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe967230, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8217, dwReserved0=0x0, dwReserved1=0x6d, cFileName="ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg", cAlternateFileName="AE8E98~1.JPG")) returned 1 [0029.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.675] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8217, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x8217, lpOverlapped=0x0) returned 1 [0029.677] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.677] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8217, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x8217, lpOverlapped=0x0) returned 1 [0029.677] CloseHandle (hObject=0x54) returned 1 [0029.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6f39c8 [0029.677] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg.adv")) returned 1 [0029.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.677] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe112530, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe112530, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe15e7f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1183b, dwReserved0=0x0, dwReserved1=0x6d, cFileName="ast[1].js", cAlternateFileName="AST_1_~1.JS")) returned 1 [0029.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.678] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.678] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1183b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1183b, lpOverlapped=0x0) returned 1 [0029.680] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.680] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1183b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1183b, lpOverlapped=0x0) returned 1 [0029.680] CloseHandle (hObject=0x54) returned 1 [0029.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.681] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js.adv")) returned 1 [0029.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.681] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58798580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58798580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x58798580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13a9, dwReserved0=0x0, dwReserved1=0x6d, cFileName="autotrack[1].js", cAlternateFileName="AUTOTR~1.JS")) returned 1 [0029.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.682] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13a9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x13a9, lpOverlapped=0x0) returned 1 [0029.684] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.684] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13a9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x13a9, lpOverlapped=0x0) returned 1 [0029.684] CloseHandle (hObject=0x54) returned 1 [0029.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.684] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js.adv")) returned 1 [0029.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.685] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x145, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BB56XTo[1].png", cAlternateFileName="BB56XT~1.PNG")) returned 1 [0029.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.685] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x145, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x145, lpOverlapped=0x0) returned 1 [0029.687] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.687] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x145, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x145, lpOverlapped=0x0) returned 1 [0029.687] CloseHandle (hObject=0x54) returned 1 [0029.687] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.687] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png.adv")) returned 1 [0029.688] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.688] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.688] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BB5vO0g[1].png", cAlternateFileName="BB5VO0~1.PNG")) returned 1 [0029.688] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.688] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.688] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.688] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1b6, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1b6, lpOverlapped=0x0) returned 1 [0029.690] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.690] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1b6, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1b6, lpOverlapped=0x0) returned 1 [0029.690] CloseHandle (hObject=0x54) returned 1 [0029.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.690] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png.adv")) returned 1 [0029.690] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.690] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.690] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BB8AdqN[1].png", cAlternateFileName="BB8ADQ~1.PNG")) returned 1 [0029.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.691] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x156, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x156, lpOverlapped=0x0) returned 1 [0029.692] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.692] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x156, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x156, lpOverlapped=0x0) returned 1 [0029.693] CloseHandle (hObject=0x54) returned 1 [0029.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.693] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png.adv")) returned 1 [0029.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.693] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45be8b30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45be8b30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ca7210, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x152c, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBALZyp[1].jpg", cAlternateFileName="BBALZY~1.JPG")) returned 1 [0029.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.694] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x152c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x152c, lpOverlapped=0x0) returned 1 [0029.695] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.695] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x152c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x152c, lpOverlapped=0x0) returned 1 [0029.695] CloseHandle (hObject=0x54) returned 1 [0029.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.695] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg.adv")) returned 1 [0029.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.696] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5360ae70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5360ae70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5360ae70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBImKp[1].jpg", cAlternateFileName="BBBIMK~1.JPG")) returned 1 [0029.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.696] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x97c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x97c, lpOverlapped=0x0) returned 1 [0029.698] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.698] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x97c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x97c, lpOverlapped=0x0) returned 1 [0029.698] CloseHandle (hObject=0x54) returned 1 [0029.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.698] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg.adv")) returned 1 [0029.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.699] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53598a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53598a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53630fd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29ca, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBMGJo[1].jpg", cAlternateFileName="BBBMGJ~1.JPG")) returned 1 [0029.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.699] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29ca, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x29ca, lpOverlapped=0x0) returned 1 [0029.701] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.701] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29ca, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x29ca, lpOverlapped=0x0) returned 1 [0029.701] CloseHandle (hObject=0x54) returned 1 [0029.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.701] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg.adv")) returned 1 [0029.702] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.702] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.702] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x862, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBMKDF[1].jpg", cAlternateFileName="BBBMKD~1.JPG")) returned 1 [0029.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.702] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.702] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x862, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x862, lpOverlapped=0x0) returned 1 [0029.703] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.704] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x862, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x862, lpOverlapped=0x0) returned 1 [0029.704] CloseHandle (hObject=0x54) returned 1 [0029.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.704] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg.adv")) returned 1 [0029.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.704] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53846310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142e, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBMQch[1].jpg", cAlternateFileName="BBBMQC~1.JPG")) returned 1 [0029.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.705] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x142e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x142e, lpOverlapped=0x0) returned 1 [0029.708] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.708] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x142e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x142e, lpOverlapped=0x0) returned 1 [0029.708] CloseHandle (hObject=0x54) returned 1 [0029.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.708] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg.adv")) returned 1 [0029.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.709] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58321c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58321c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x58321c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e6b, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBMyVh[1].jpg", cAlternateFileName="BBBMYV~1.JPG")) returned 1 [0029.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.709] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e6b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3e6b, lpOverlapped=0x0) returned 1 [0029.711] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.711] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e6b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3e6b, lpOverlapped=0x0) returned 1 [0029.711] CloseHandle (hObject=0x54) returned 1 [0029.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.711] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg.adv")) returned 1 [0029.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.711] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53337450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x812, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBNAf7[1].jpg", cAlternateFileName="BBBNAF~1.JPG")) returned 1 [0029.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.712] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x812, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x812, lpOverlapped=0x0) returned 1 [0029.713] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.713] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x812, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x812, lpOverlapped=0x0) returned 1 [0029.714] CloseHandle (hObject=0x54) returned 1 [0029.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.714] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg.adv")) returned 1 [0029.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.714] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb22, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBNnTF[1].jpg", cAlternateFileName="BBBNNT~1.JPG")) returned 1 [0029.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.715] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb22, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xb22, lpOverlapped=0x0) returned 1 [0029.716] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.716] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb22, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xb22, lpOverlapped=0x0) returned 1 [0029.717] CloseHandle (hObject=0x54) returned 1 [0029.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.717] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg.adv")) returned 1 [0029.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.717] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539c30d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539c30d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539c30d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1529, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBO4dZ[1].jpg", cAlternateFileName="BBBO4D~1.JPG")) returned 1 [0029.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.719] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1529, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1529, lpOverlapped=0x0) returned 1 [0029.721] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.721] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1529, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1529, lpOverlapped=0x0) returned 1 [0029.721] CloseHandle (hObject=0x54) returned 1 [0029.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.721] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg.adv")) returned 1 [0029.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.722] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1e61, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBO8ow[1].jpg", cAlternateFileName="BBBO8O~1.JPG")) returned 1 [0029.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.722] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1e61, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1e61, lpOverlapped=0x0) returned 1 [0029.724] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.724] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1e61, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1e61, lpOverlapped=0x0) returned 1 [0029.724] CloseHandle (hObject=0x54) returned 1 [0029.724] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.724] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg.adv")) returned 1 [0029.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.725] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x636, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBOaeS[1].jpg", cAlternateFileName="BBBOAE~1.JPG")) returned 1 [0029.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.725] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x636, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x636, lpOverlapped=0x0) returned 1 [0029.726] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.726] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x636, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x636, lpOverlapped=0x0) returned 1 [0029.727] CloseHandle (hObject=0x54) returned 1 [0029.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.727] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg.adv")) returned 1 [0029.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.728] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53278d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53278d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53278d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x82a, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBOcIb[1].jpg", cAlternateFileName="BBBOCI~1.JPG")) returned 1 [0029.728] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.728] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.728] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.728] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x82a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x82a, lpOverlapped=0x0) returned 1 [0029.729] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.730] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x82a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x82a, lpOverlapped=0x0) returned 1 [0029.730] CloseHandle (hObject=0x54) returned 1 [0029.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.730] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg.adv")) returned 1 [0029.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.730] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53b8c150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161e, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBOddp[1].jpg", cAlternateFileName="BBBODD~1.JPG")) returned 1 [0029.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.731] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x161e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x161e, lpOverlapped=0x0) returned 1 [0029.733] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.733] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x161e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x161e, lpOverlapped=0x0) returned 1 [0029.733] CloseHandle (hObject=0x54) returned 1 [0029.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.733] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg.adv")) returned 1 [0029.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.733] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a1fd500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a1fd500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a223660, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5685, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBOmar[1].jpg", cAlternateFileName="BBBOMA~1.JPG")) returned 1 [0029.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.734] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5685, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x5685, lpOverlapped=0x0) returned 1 [0029.736] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.736] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5685, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x5685, lpOverlapped=0x0) returned 1 [0029.736] CloseHandle (hObject=0x54) returned 1 [0029.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.737] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg.adv")) returned 1 [0029.737] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.737] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.737] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f7f1f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2f6b, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBR4yQ[1].jpg", cAlternateFileName="BBBR4Y~1.JPG")) returned 1 [0029.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.737] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.738] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2f6b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2f6b, lpOverlapped=0x0) returned 1 [0029.741] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.741] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2f6b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2f6b, lpOverlapped=0x0) returned 1 [0029.741] CloseHandle (hObject=0x54) returned 1 [0029.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.741] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg.adv")) returned 1 [0029.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.744] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e4e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e4e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e4e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x264b, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBUPaj[1].jpg", cAlternateFileName="BBBUPA~1.JPG")) returned 1 [0029.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.744] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x264b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x264b, lpOverlapped=0x0) returned 1 [0029.746] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.746] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x264b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x264b, lpOverlapped=0x0) returned 1 [0029.746] CloseHandle (hObject=0x54) returned 1 [0029.746] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.746] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg.adv")) returned 1 [0029.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.747] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e275160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e275160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5e275160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e08, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBVEOW[1].jpg", cAlternateFileName="BBBVEO~1.JPG")) returned 1 [0029.747] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.747] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.747] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e08, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3e08, lpOverlapped=0x0) returned 1 [0029.749] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.749] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e08, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3e08, lpOverlapped=0x0) returned 1 [0029.749] CloseHandle (hObject=0x54) returned 1 [0029.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.749] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg.adv")) returned 1 [0029.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.750] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f32f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f32f30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f32f30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa1f, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBVLcG[1].jpg", cAlternateFileName="BBBVLC~1.JPG")) returned 1 [0029.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.750] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa1f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xa1f, lpOverlapped=0x0) returned 1 [0029.752] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.752] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa1f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xa1f, lpOverlapped=0x0) returned 1 [0029.752] CloseHandle (hObject=0x54) returned 1 [0029.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.752] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg.adv")) returned 1 [0029.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.753] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x82d, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBVSkP[1].jpg", cAlternateFileName="BBBVSK~1.JPG")) returned 1 [0029.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.753] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x82d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x82d, lpOverlapped=0x0) returned 1 [0029.755] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.755] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x82d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x82d, lpOverlapped=0x0) returned 1 [0029.755] CloseHandle (hObject=0x54) returned 1 [0029.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.755] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg.adv")) returned 1 [0029.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.755] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x612a8ee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x612a8ee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x612a8ee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x16f5, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBYfEH[1].jpg", cAlternateFileName="BBBYFE~1.JPG")) returned 1 [0029.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.756] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.756] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16f5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x16f5, lpOverlapped=0x0) returned 1 [0029.758] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.758] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16f5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x16f5, lpOverlapped=0x0) returned 1 [0029.758] CloseHandle (hObject=0x54) returned 1 [0029.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.758] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg.adv")) returned 1 [0029.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.758] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53017770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc20, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBBZ5vT[1].jpg", cAlternateFileName="BBBZ5V~1.JPG")) returned 1 [0029.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.759] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc20, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xc20, lpOverlapped=0x0) returned 1 [0029.760] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.760] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc20, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xc20, lpOverlapped=0x0) returned 1 [0029.761] CloseHandle (hObject=0x54) returned 1 [0029.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.761] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg.adv")) returned 1 [0029.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.761] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514ddbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x514ddbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x514ddbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x86e, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBC02Gr[1].jpg", cAlternateFileName="BBC02G~1.JPG")) returned 1 [0029.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.762] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x86e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x86e, lpOverlapped=0x0) returned 1 [0029.763] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.763] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x86e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x86e, lpOverlapped=0x0) returned 1 [0029.763] CloseHandle (hObject=0x54) returned 1 [0029.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.763] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg.adv")) returned 1 [0029.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.764] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5392ab50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5392ab50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5392ab50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x86e, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBC02Gr[2].jpg", cAlternateFileName="BBC02G~2.JPG")) returned 1 [0029.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.765] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x86e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x86e, lpOverlapped=0x0) returned 1 [0029.766] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.766] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x86e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x86e, lpOverlapped=0x0) returned 1 [0029.766] CloseHandle (hObject=0x54) returned 1 [0029.766] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.766] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg.adv")) returned 1 [0029.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.767] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fa5350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x89a, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBC03B1[1].jpg", cAlternateFileName="BBC03B~1.JPG")) returned 1 [0029.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.768] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x89a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x89a, lpOverlapped=0x0) returned 1 [0029.769] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.769] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x89a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x89a, lpOverlapped=0x0) returned 1 [0029.770] CloseHandle (hObject=0x54) returned 1 [0029.770] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.770] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg.adv")) returned 1 [0029.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.772] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f0cdd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7bb, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBC06Ub[1].jpg", cAlternateFileName="BBC06U~1.JPG")) returned 1 [0029.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.772] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7bb, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7bb, lpOverlapped=0x0) returned 1 [0029.774] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.774] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7bb, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7bb, lpOverlapped=0x0) returned 1 [0029.774] CloseHandle (hObject=0x54) returned 1 [0029.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.774] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg.adv")) returned 1 [0029.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.775] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9ab, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBC0Djg[1].jpg", cAlternateFileName="BBC0DJ~1.JPG")) returned 1 [0029.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.775] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9ab, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x9ab, lpOverlapped=0x0) returned 1 [0029.777] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.777] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9ab, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x9ab, lpOverlapped=0x0) returned 1 [0029.777] CloseHandle (hObject=0x54) returned 1 [0029.777] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.777] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg.adv")) returned 1 [0029.777] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.777] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.778] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ec0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7fd, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBC0g7a[1].jpg", cAlternateFileName="BBC0G7~1.JPG")) returned 1 [0029.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.779] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7fd, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7fd, lpOverlapped=0x0) returned 1 [0029.780] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.780] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7fd, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7fd, lpOverlapped=0x0) returned 1 [0029.780] CloseHandle (hObject=0x54) returned 1 [0029.780] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.780] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg.adv")) returned 1 [0029.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.781] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x82f, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBC0lf2[1].jpg", cAlternateFileName="BBC0LF~1.JPG")) returned 1 [0029.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.782] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x82f, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x82f, lpOverlapped=0x0) returned 1 [0029.784] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.784] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x82f, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x82f, lpOverlapped=0x0) returned 1 [0029.784] CloseHandle (hObject=0x54) returned 1 [0029.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.784] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg.adv")) returned 1 [0029.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.784] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2e35a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2e35a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5b2e35a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1afe, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBC0mK1[1].jpg", cAlternateFileName="BBC0MK~1.JPG")) returned 1 [0029.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.785] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1afe, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1afe, lpOverlapped=0x0) returned 1 [0029.786] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.787] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1afe, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1afe, lpOverlapped=0x0) returned 1 [0029.787] CloseHandle (hObject=0x54) returned 1 [0029.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.787] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg.adv")) returned 1 [0029.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.787] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1fc3, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBC0qlB[1].jpg", cAlternateFileName="BBC0QL~1.JPG")) returned 1 [0029.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.788] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1fc3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1fc3, lpOverlapped=0x0) returned 1 [0029.789] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.789] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1fc3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1fc3, lpOverlapped=0x0) returned 1 [0029.790] CloseHandle (hObject=0x54) returned 1 [0029.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.790] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg.adv")) returned 1 [0029.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.790] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2ecb, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBE7KPZ[1].jpg", cAlternateFileName="BBE7KP~1.JPG")) returned 1 [0029.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.791] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2ecb, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2ecb, lpOverlapped=0x0) returned 1 [0029.792] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.792] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2ecb, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2ecb, lpOverlapped=0x0) returned 1 [0029.792] CloseHandle (hObject=0x54) returned 1 [0029.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.792] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg.adv")) returned 1 [0029.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.793] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a6bd70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x9c5, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBE8IlA[1].jpg", cAlternateFileName="BBE8IL~1.JPG")) returned 1 [0029.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.794] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9c5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x9c5, lpOverlapped=0x0) returned 1 [0029.795] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.795] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9c5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x9c5, lpOverlapped=0x0) returned 1 [0029.795] CloseHandle (hObject=0x54) returned 1 [0029.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.795] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg.adv")) returned 1 [0029.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.796] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b9c870, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2669, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBE972F[1].jpg", cAlternateFileName="BBE972~1.JPG")) returned 1 [0029.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.796] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2669, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2669, lpOverlapped=0x0) returned 1 [0029.798] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.798] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2669, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2669, lpOverlapped=0x0) returned 1 [0029.798] CloseHandle (hObject=0x54) returned 1 [0029.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.798] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg.adv")) returned 1 [0029.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.799] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2a77, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBE9tdx[1].jpg", cAlternateFileName="BBE9TD~1.JPG")) returned 1 [0029.799] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.799] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.799] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a77, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2a77, lpOverlapped=0x0) returned 1 [0029.801] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.801] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a77, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2a77, lpOverlapped=0x0) returned 1 [0029.801] CloseHandle (hObject=0x54) returned 1 [0029.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.801] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg.adv")) returned 1 [0029.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.802] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2fe3, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEdrqt[1].jpg", cAlternateFileName="BBEDRQ~1.JPG")) returned 1 [0029.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.802] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fe3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2fe3, lpOverlapped=0x0) returned 1 [0029.804] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.804] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fe3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2fe3, lpOverlapped=0x0) returned 1 [0029.804] CloseHandle (hObject=0x54) returned 1 [0029.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.804] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg.adv")) returned 1 [0029.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.805] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x857, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEeEwt[1].jpg", cAlternateFileName="BBEEEW~1.JPG")) returned 1 [0029.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.805] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x857, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x857, lpOverlapped=0x0) returned 1 [0029.807] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.807] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x857, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x857, lpOverlapped=0x0) returned 1 [0029.807] CloseHandle (hObject=0x54) returned 1 [0029.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.807] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg.adv")) returned 1 [0029.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.808] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4593b270, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7d9, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEeis3[1].jpg", cAlternateFileName="BBEEIS~1.JPG")) returned 1 [0029.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.808] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7d9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7d9, lpOverlapped=0x0) returned 1 [0029.810] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.810] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7d9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7d9, lpOverlapped=0x0) returned 1 [0029.810] CloseHandle (hObject=0x54) returned 1 [0029.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.810] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg.adv")) returned 1 [0029.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.811] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8c5, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEeKvV[1].jpg", cAlternateFileName="BBEEKV~1.JPG")) returned 1 [0029.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.811] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8c5, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x8c5, lpOverlapped=0x0) returned 1 [0029.813] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.813] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8c5, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x8c5, lpOverlapped=0x0) returned 1 [0029.813] CloseHandle (hObject=0x54) returned 1 [0029.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.813] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg.adv")) returned 1 [0029.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.814] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a91ed0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a91ed0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xef00, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEeNd8[1].png", cAlternateFileName="BBEEND~1.PNG")) returned 1 [0029.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.814] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xef00, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xef00, lpOverlapped=0x0) returned 1 [0029.816] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.816] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xef00, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xef00, lpOverlapped=0x0) returned 1 [0029.816] CloseHandle (hObject=0x54) returned 1 [0029.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.816] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png.adv")) returned 1 [0029.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.817] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3323, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEewZB[1].jpg", cAlternateFileName="BBEEWZ~1.JPG")) returned 1 [0029.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.817] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3323, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3323, lpOverlapped=0x0) returned 1 [0029.819] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.819] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3323, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3323, lpOverlapped=0x0) returned 1 [0029.819] CloseHandle (hObject=0x54) returned 1 [0029.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.819] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg.adv")) returned 1 [0029.820] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.820] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.820] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x9d7, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEeZ0k[1].jpg", cAlternateFileName="BBEEZ0~1.JPG")) returned 1 [0029.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.822] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9d7, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x9d7, lpOverlapped=0x0) returned 1 [0029.823] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.823] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9d7, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x9d7, lpOverlapped=0x0) returned 1 [0029.823] CloseHandle (hObject=0x54) returned 1 [0029.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.824] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg.adv")) returned 1 [0029.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.824] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2d32, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEf6s4[1].jpg", cAlternateFileName="BBEF6S~1.JPG")) returned 1 [0029.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.825] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d32, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2d32, lpOverlapped=0x0) returned 1 [0029.826] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.826] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d32, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2d32, lpOverlapped=0x0) returned 1 [0029.826] CloseHandle (hObject=0x54) returned 1 [0029.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.826] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg.adv")) returned 1 [0029.827] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.827] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.827] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b2a450, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x85d, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEfAc5[1].jpg", cAlternateFileName="BBEFAC~1.JPG")) returned 1 [0029.827] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.827] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.827] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.828] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x85d, lpOverlapped=0x0) returned 1 [0029.829] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.829] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x85d, lpOverlapped=0x0) returned 1 [0029.829] CloseHandle (hObject=0x54) returned 1 [0029.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.829] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg.adv")) returned 1 [0029.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.830] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45510bf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x197c, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEfgDi[1].jpg", cAlternateFileName="BBEFGD~1.JPG")) returned 1 [0029.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.830] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x197c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x197c, lpOverlapped=0x0) returned 1 [0029.832] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.832] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x197c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x197c, lpOverlapped=0x0) returned 1 [0029.832] CloseHandle (hObject=0x54) returned 1 [0029.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.833] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg.adv")) returned 1 [0029.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.833] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xb7e, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEfjuT[1].jpg", cAlternateFileName="BBEFJU~1.JPG")) returned 1 [0029.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.834] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb7e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xb7e, lpOverlapped=0x0) returned 1 [0029.837] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.837] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb7e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xb7e, lpOverlapped=0x0) returned 1 [0029.837] CloseHandle (hObject=0x54) returned 1 [0029.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.838] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg.adv")) returned 1 [0029.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.838] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457be4b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1b14, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEfkgi[1].jpg", cAlternateFileName="BBEFKG~1.JPG")) returned 1 [0029.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.839] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1b14, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1b14, lpOverlapped=0x0) returned 1 [0029.840] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.840] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1b14, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1b14, lpOverlapped=0x0) returned 1 [0029.840] CloseHandle (hObject=0x54) returned 1 [0029.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.840] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg.adv")) returned 1 [0029.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.841] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2978, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEfRKA[1].jpg", cAlternateFileName="BBEFRK~1.JPG")) returned 1 [0029.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.841] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2978, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2978, lpOverlapped=0x0) returned 1 [0029.843] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.843] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2978, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2978, lpOverlapped=0x0) returned 1 [0029.843] CloseHandle (hObject=0x54) returned 1 [0029.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.843] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg.adv")) returned 1 [0029.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.844] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457721f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b6c, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEfRwv[1].jpg", cAlternateFileName="BBEFRW~1.JPG")) returned 1 [0029.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.844] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b6c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2b6c, lpOverlapped=0x0) returned 1 [0029.846] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.846] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b6c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2b6c, lpOverlapped=0x0) returned 1 [0029.846] CloseHandle (hObject=0x54) returned 1 [0029.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.846] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg.adv")) returned 1 [0029.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.847] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45478670, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45478670, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45478670, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2676, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEfwtU[1].jpg", cAlternateFileName="BBEFWT~1.JPG")) returned 1 [0029.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.847] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2676, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2676, lpOverlapped=0x0) returned 1 [0029.849] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.849] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2676, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2676, lpOverlapped=0x0) returned 1 [0029.849] CloseHandle (hObject=0x54) returned 1 [0029.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.849] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg.adv")) returned 1 [0029.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.850] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xb41, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEfY4X[1].jpg", cAlternateFileName="BBEFY4~1.JPG")) returned 1 [0029.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.850] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb41, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xb41, lpOverlapped=0x0) returned 1 [0029.852] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.852] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb41, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xb41, lpOverlapped=0x0) returned 1 [0029.852] CloseHandle (hObject=0x54) returned 1 [0029.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.852] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg.adv")) returned 1 [0029.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.853] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x25f6, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEgD9f[1].jpg", cAlternateFileName="BBEGD9~1.JPG")) returned 1 [0029.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.853] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x25f6, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x25f6, lpOverlapped=0x0) returned 1 [0029.854] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.855] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x25f6, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x25f6, lpOverlapped=0x0) returned 1 [0029.855] CloseHandle (hObject=0x54) returned 1 [0029.855] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.855] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg.adv")) returned 1 [0029.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.856] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x819, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEgJfz[1].jpg", cAlternateFileName="BBEGJF~1.JPG")) returned 1 [0029.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.856] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x819, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x819, lpOverlapped=0x0) returned 1 [0029.858] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.858] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x819, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x819, lpOverlapped=0x0) returned 1 [0029.858] CloseHandle (hObject=0x54) returned 1 [0029.858] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.858] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg.adv")) returned 1 [0029.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.859] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b2a450, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x916, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEgsWA[1].jpg", cAlternateFileName="BBEGSW~1.JPG")) returned 1 [0029.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.859] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x916, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x916, lpOverlapped=0x0) returned 1 [0029.861] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.861] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x916, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x916, lpOverlapped=0x0) returned 1 [0029.861] CloseHandle (hObject=0x54) returned 1 [0029.861] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.861] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg.adv")) returned 1 [0029.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.862] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x918, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBEgX5G[1].jpg", cAlternateFileName="BBEGX5~1.JPG")) returned 1 [0029.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.862] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x918, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x918, lpOverlapped=0x0) returned 1 [0029.864] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.864] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x918, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x918, lpOverlapped=0x0) returned 1 [0029.864] CloseHandle (hObject=0x54) returned 1 [0029.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.864] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg.adv")) returned 1 [0029.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.865] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51256470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3a2, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBih5H[1].png", cAlternateFileName="BBIH5H~1.PNG")) returned 1 [0029.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.865] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3a2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3a2, lpOverlapped=0x0) returned 1 [0029.867] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.867] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3a2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3a2, lpOverlapped=0x0) returned 1 [0029.867] CloseHandle (hObject=0x54) returned 1 [0029.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.867] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png.adv")) returned 1 [0029.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.867] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x24c, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBmUxRK[1].png", cAlternateFileName="BBMUXR~1.PNG")) returned 1 [0029.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.868] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24c, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x24c, lpOverlapped=0x0) returned 1 [0029.869] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.871] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24c, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x24c, lpOverlapped=0x0) returned 1 [0029.871] CloseHandle (hObject=0x54) returned 1 [0029.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.871] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png.adv")) returned 1 [0029.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.872] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.872] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459f9950, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x398, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBndhJA[1].png", cAlternateFileName="BBNDHJ~1.PNG")) returned 1 [0029.872] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.872] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.872] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.872] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x398, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x398, lpOverlapped=0x0) returned 1 [0029.885] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.885] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x398, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x398, lpOverlapped=0x0) returned 1 [0029.886] CloseHandle (hObject=0x54) returned 1 [0029.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.889] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png.adv")) returned 1 [0029.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.891] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x230, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBoqF0J[1].png", cAlternateFileName="BBOQF0~1.PNG")) returned 1 [0029.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.892] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x230, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x230, lpOverlapped=0x0) returned 1 [0029.894] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.894] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x230, lpOverlapped=0x0) returned 1 [0029.894] CloseHandle (hObject=0x54) returned 1 [0029.894] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.894] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png.adv")) returned 1 [0029.894] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.894] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.894] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x6d, cFileName="BBzjV9E[1].png", cAlternateFileName="BBZJV9~1.PNG")) returned 1 [0029.894] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.894] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.895] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.895] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x116, lpOverlapped=0x0) returned 1 [0029.897] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.897] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x116, lpOverlapped=0x0) returned 1 [0029.897] CloseHandle (hObject=0x54) returned 1 [0029.897] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.897] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png.adv")) returned 1 [0029.898] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.898] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.898] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60cdb940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60cdb940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60d4dd60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1fdaf, dwReserved0=0x0, dwReserved1=0x6d, cFileName="benefits-1[1].jpg", cAlternateFileName="BENEFI~1.JPG")) returned 1 [0029.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.898] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.898] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1fdaf, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1fdaf, lpOverlapped=0x0) returned 1 [0029.900] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.900] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1fdaf, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1fdaf, lpOverlapped=0x0) returned 1 [0029.902] CloseHandle (hObject=0x54) returned 1 [0029.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.903] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg.adv")) returned 1 [0029.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.903] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6157c900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6157c900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x615c8bc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12282, dwReserved0=0x0, dwReserved1=0x6d, cFileName="cb=gapi[1].loaded_1", cAlternateFileName="CB_GAP~1.LOA")) returned 1 [0029.903] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.903] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.904] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12282, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x12282, lpOverlapped=0x0) returned 1 [0029.907] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.907] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12282, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x12282, lpOverlapped=0x0) returned 1 [0029.907] CloseHandle (hObject=0x54) returned 1 [0029.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.907] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1.adv")) returned 1 [0029.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.910] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50fa0830, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x82d8, dwReserved0=0x0, dwReserved1=0x6d, cFileName="chartbeat[1].js", cAlternateFileName="CHARTB~1.JS")) returned 1 [0029.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.910] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x82d8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x82d8, lpOverlapped=0x0) returned 1 [0029.912] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.912] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x82d8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x82d8, lpOverlapped=0x0) returned 1 [0029.912] CloseHandle (hObject=0x54) returned 1 [0029.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.912] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js.adv")) returned 1 [0029.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.913] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c8f680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60c8f680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60d01aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3bf20, dwReserved0=0x0, dwReserved1=0x6d, cFileName="chrome-installer.min[1].js", cAlternateFileName="CHROME~1.JS")) returned 1 [0029.913] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.913] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.913] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3bf20, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3bf20, lpOverlapped=0x0) returned 1 [0029.917] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.917] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3bf20, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3bf20, lpOverlapped=0x0) returned 1 [0029.917] CloseHandle (hObject=0x54) returned 1 [0029.917] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.917] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js.adv")) returned 1 [0029.918] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.918] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.918] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60aec760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60aec760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60aec760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1622, dwReserved0=0x0, dwReserved1=0x6d, cFileName="chrome_logo_2x[1].png", cAlternateFileName="CHROME~1.PNG")) returned 1 [0029.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.918] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.919] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1622, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1622, lpOverlapped=0x0) returned 1 [0029.920] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.920] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1622, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1622, lpOverlapped=0x0) returned 1 [0029.920] CloseHandle (hObject=0x54) returned 1 [0029.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.920] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png.adv")) returned 1 [0029.921] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.921] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.921] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x610b9d00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x610b9d00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13d, dwReserved0=0x0, dwReserved1=0x6d, cFileName="close-icon[1].png", cAlternateFileName="CLOSE-~1.PNG")) returned 1 [0029.921] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.921] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.921] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.921] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13d, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x13d, lpOverlapped=0x0) returned 1 [0029.923] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.923] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13d, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x13d, lpOverlapped=0x0) returned 1 [0029.923] CloseHandle (hObject=0x54) returned 1 [0029.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.923] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png.adv")) returned 1 [0029.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.924] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54e4ae90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54e4ae90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e4ae90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269b2, dwReserved0=0x0, dwReserved1=0x6d, cFileName="css[1].txt", cAlternateFileName="CSS_1_~1.TXT")) returned 1 [0029.924] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.924] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.924] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.924] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x269b2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x269b2, lpOverlapped=0x0) returned 1 [0029.928] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.928] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x269b2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x269b2, lpOverlapped=0x0) returned 1 [0029.928] CloseHandle (hObject=0x54) returned 1 [0029.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.928] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt.adv")) returned 1 [0029.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.929] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x6d, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0029.929] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.929] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.930] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x43, lpOverlapped=0x0) returned 1 [0029.931] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.931] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x43, lpOverlapped=0x0) returned 1 [0029.931] CloseHandle (hObject=0x54) returned 1 [0029.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.931] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini.adv")) returned 1 [0029.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.931] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf7af630, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7af630, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf821a50, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x4d5b9, dwReserved0=0x0, dwReserved1=0x6d, cFileName="ebHtml5Banner[1].js", cAlternateFileName="EBHTML~1.JS")) returned 1 [0029.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.933] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4d5b9, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4d5b9, lpOverlapped=0x0) returned 1 [0029.937] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.937] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4d5b9, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4d5b9, lpOverlapped=0x0) returned 1 [0029.938] CloseHandle (hObject=0x54) returned 1 [0029.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.938] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js.adv")) returned 1 [0029.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.940] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64009240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64009240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6402f3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5244, dwReserved0=0x0, dwReserved1=0x6d, cFileName="eula-win[1].jpg", cAlternateFileName="EULA-W~1.JPG")) returned 1 [0029.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.941] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5244, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x5244, lpOverlapped=0x0) returned 1 [0029.942] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.942] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5244, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x5244, lpOverlapped=0x0) returned 1 [0029.942] CloseHandle (hObject=0x54) returned 1 [0029.942] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg.adv")) returned 1 [0029.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.943] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe15e7f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe15e7f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe15e7f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1303, dwReserved0=0x0, dwReserved1=0x6d, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]", cAlternateFileName="GETYPE~3")) returned 1 [0029.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.945] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1303, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1303, lpOverlapped=0x0) returned 1 [0029.946] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.947] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1303, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1303, lpOverlapped=0x0) returned 1 [0029.947] CloseHandle (hObject=0x54) returned 1 [0029.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f3be0 [0029.947] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1].adv")) returned 0 [0029.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3be0 | out: hHeap=0x6d0000) returned 1 [0029.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.947] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8c3, dwReserved0=0x0, dwReserved1=0x6d, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]", cAlternateFileName="GETYPE~1")) returned 1 [0029.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f39c8 [0029.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.948] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8c3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x8c3, lpOverlapped=0x0) returned 1 [0029.949] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.949] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8c3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x8c3, lpOverlapped=0x0) returned 1 [0029.949] CloseHandle (hObject=0x54) returned 1 [0029.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f3be0 [0029.949] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1].adv")) returned 0 [0029.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3be0 | out: hHeap=0x6d0000) returned 1 [0029.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.950] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe138690, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe138690, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe138690, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x972, dwReserved0=0x0, dwReserved1=0x6d, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]", cAlternateFileName="GETYPE~2")) returned 1 [0029.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f39c8 [0029.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.950] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x972, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x972, lpOverlapped=0x0) returned 1 [0029.952] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.952] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x972, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x972, lpOverlapped=0x0) returned 1 [0029.952] CloseHandle (hObject=0x54) returned 1 [0029.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x210) returned 0x6f3be0 [0029.952] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1].adv")) returned 0 [0029.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3be0 | out: hHeap=0x6d0000) returned 1 [0029.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.952] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510ff810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510ff810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51125970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1762e, dwReserved0=0x0, dwReserved1=0x6d, cFileName="jquery-1.11.1.min[1].js", cAlternateFileName="JQUERY~1.JS")) returned 1 [0029.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.953] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1762e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1762e, lpOverlapped=0x0) returned 1 [0029.956] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.956] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1762e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1762e, lpOverlapped=0x0) returned 1 [0029.956] CloseHandle (hObject=0x54) returned 1 [0029.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.956] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js.adv")) returned 1 [0029.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.957] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5442d110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5442d110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5442d110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b8, dwReserved0=0x0, dwReserved1=0x6d, cFileName="js[1]", cAlternateFileName="JS_1_~1")) returned 1 [0029.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.957] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4b8, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4b8, lpOverlapped=0x0) returned 1 [0029.959] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.959] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4b8, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4b8, lpOverlapped=0x0) returned 1 [0029.959] CloseHandle (hObject=0x54) returned 1 [0029.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.959] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1].adv")) returned 1 [0029.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.960] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bd95f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bd95f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bd95f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3c1, dwReserved0=0x0, dwReserved1=0x6d, cFileName="js[2]", cAlternateFileName="JS_2_~1")) returned 1 [0029.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.960] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c1, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3c1, lpOverlapped=0x0) returned 1 [0029.962] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.962] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c1, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3c1, lpOverlapped=0x0) returned 1 [0029.963] CloseHandle (hObject=0x54) returned 1 [0029.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.963] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2].adv")) returned 1 [0029.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.963] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d66650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d66650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e70ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7154, dwReserved0=0x0, dwReserved1=0x6d, cFileName="latest[1].eot", cAlternateFileName="LATEST~1.EOT")) returned 1 [0029.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.964] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7154, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x7154, lpOverlapped=0x0) returned 1 [0029.968] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.968] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7154, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x7154, lpOverlapped=0x0) returned 1 [0029.968] CloseHandle (hObject=0x54) returned 1 [0029.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.968] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot.adv")) returned 1 [0029.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.969] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e97150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6e9b, dwReserved0=0x0, dwReserved1=0x6d, cFileName="latest[2].eot", cAlternateFileName="LATEST~2.EOT")) returned 1 [0029.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.969] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e9b, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x6e9b, lpOverlapped=0x0) returned 1 [0029.971] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.971] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e9b, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x6e9b, lpOverlapped=0x0) returned 1 [0029.971] CloseHandle (hObject=0x54) returned 1 [0029.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.971] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot.adv")) returned 1 [0029.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.972] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e97150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x77b3, dwReserved0=0x0, dwReserved1=0x6d, cFileName="latest[3].eot", cAlternateFileName="LATEST~3.EOT")) returned 1 [0029.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.973] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x77b3, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x77b3, lpOverlapped=0x0) returned 1 [0029.974] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.974] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x77b3, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x77b3, lpOverlapped=0x0) returned 1 [0029.974] CloseHandle (hObject=0x54) returned 1 [0029.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.975] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot.adv")) returned 1 [0029.975] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.975] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.975] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e4e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e4e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53122110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x922, dwReserved0=0x0, dwReserved1=0x6d, cFileName="msn[1].htm", cAlternateFileName="MSN_1_~1.HTM")) returned 1 [0029.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.975] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.976] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x922, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x922, lpOverlapped=0x0) returned 1 [0029.977] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.977] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x922, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x922, lpOverlapped=0x0) returned 1 [0029.977] CloseHandle (hObject=0x54) returned 1 [0029.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.978] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm.adv")) returned 1 [0029.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.978] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6378e3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6378e3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x637b4540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3112, dwReserved0=0x0, dwReserved1=0x6d, cFileName="rpc_shindig_random[1].js", cAlternateFileName="RPC_SH~1.JS")) returned 1 [0029.978] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.978] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.979] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3112, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3112, lpOverlapped=0x0) returned 1 [0029.981] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.981] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3112, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3112, lpOverlapped=0x0) returned 1 [0029.981] CloseHandle (hObject=0x54) returned 1 [0029.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f39c8 [0029.981] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js.adv")) returned 1 [0029.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.981] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xbf7d5790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7d5790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7d5790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x6d, cFileName="thirdparty[1]", cAlternateFileName="THIRDP~1")) returned 1 [0029.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\thirdparty[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\thirdparty[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.982] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.982] CloseHandle (hObject=0x54) returned 1 [0029.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.982] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\thirdparty[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\thirdparty[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\thirdparty[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\thirdparty[1].adv")) returned 1 [0029.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.983] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54a20810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54a20810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54adeef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa33, dwReserved0=0x0, dwReserved1=0x6d, cFileName="uid[1].htm", cAlternateFileName="UID_1_~1.HTM")) returned 1 [0029.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.983] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa33, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xa33, lpOverlapped=0x0) returned 1 [0029.985] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.985] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa33, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xa33, lpOverlapped=0x0) returned 1 [0029.985] CloseHandle (hObject=0x54) returned 1 [0029.985] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.985] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm.adv")) returned 1 [0029.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.986] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe5d5130, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe5d5130, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe5d5130, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x3325, dwReserved0=0x0, dwReserved1=0x6d, cFileName="v2[1]", cAlternateFileName="V2_1_~1")) returned 1 [0029.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.986] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3325, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x3325, lpOverlapped=0x0) returned 1 [0029.988] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.988] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3325, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x3325, lpOverlapped=0x0) returned 1 [0029.988] CloseHandle (hObject=0x54) returned 1 [0029.988] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f39c8 [0029.988] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1].adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1].adv")) returned 1 [0029.989] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.989] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.989] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54c35b50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54c35b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54c5bcb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24fea, dwReserved0=0x0, dwReserved1=0x6d, cFileName="wc-addons[1].css", cAlternateFileName="WC-ADD~1.CSS")) returned 1 [0029.989] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f3630 [0029.989] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3870 [0029.989] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3630 | out: hHeap=0x6d0000) returned 1 [0029.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0029.990] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24fea, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x24fea, lpOverlapped=0x0) returned 1 [0029.993] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.993] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24fea, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x24fea, lpOverlapped=0x0) returned 1 [0029.993] CloseHandle (hObject=0x54) returned 1 [0029.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f39c8 [0029.993] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css.adv")) returned 1 [0029.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f39c8 | out: hHeap=0x6d0000) returned 1 [0029.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3870 | out: hHeap=0x6d0000) returned 1 [0029.994] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54c35b50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54c35b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54c5bcb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24fea, dwReserved0=0x0, dwReserved1=0x6d, cFileName="wc-addons[1].css", cAlternateFileName="WC-ADD~1.CSS")) returned 0 [0029.994] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0029.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3718 | out: hHeap=0x6d0000) returned 1 [0029.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34f0 | out: hHeap=0x6d0000) returned 1 [0029.994] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x51445650, cFileName="YG1R61Z8", cAlternateFileName="")) returned 0 [0029.994] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0029.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f33b0 | out: hHeap=0x6d0000) returned 1 [0029.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31b0 | out: hHeap=0x6d0000) returned 1 [0029.994] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x337, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0029.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f30e8 [0029.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6f31b0 [0029.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30e8 | out: hHeap=0x6d0000) returned 1 [0029.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0029.995] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0029.996] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.996] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0029.996] CloseHandle (hObject=0x4c) returned 1 [0029.996] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f32d8 [0029.996] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini.adv")) returned 1 [0029.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0029.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31b0 | out: hHeap=0x6d0000) returned 1 [0029.997] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51445650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x337, cFileName="MSIMGSIZ.DAT", cAlternateFileName="")) returned 1 [0029.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f30e8 [0029.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6f31b0 [0029.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30e8 | out: hHeap=0x6d0000) returned 1 [0029.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0029.997] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0029.999] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0029.999] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0029.999] CloseHandle (hObject=0x4c) returned 1 [0029.999] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f32d8 [0029.999] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat.adv")) returned 1 [0030.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32d8 | out: hHeap=0x6d0000) returned 1 [0030.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31b0 | out: hHeap=0x6d0000) returned 1 [0030.001] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51445650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x337, cFileName="MSIMGSIZ.DAT", cAlternateFileName="")) returned 0 [0030.001] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0030.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2018 | out: hHeap=0x6d0000) returned 1 [0030.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f08 | out: hHeap=0x6d0000) returned 1 [0030.001] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 1 [0030.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0d38 [0030.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f1f08 [0030.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0d38 | out: hHeap=0x6d0000) returned 1 [0030.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f2018 [0030.001] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x337, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0030.002] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x337, cFileName="..", cAlternateFileName="")) returned 1 [0030.002] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x337, cFileName="C", cAlternateFileName="")) returned 1 [0030.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f30f8 [0030.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f31d0 [0030.002] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x50f82a50, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0030.002] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 1 [0030.003] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x50f82a50, cFileName="Users", cAlternateFileName="")) returned 1 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f32a8 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6f3380 [0030.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f32a8 | out: hHeap=0x6d0000) returned 1 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f34c0 [0030.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.003] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 1 [0030.003] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f35a8 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f3690 [0030.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f35a8 | out: hHeap=0x6d0000) returned 1 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f37e8 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6f38f0 [0030.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f37e8 | out: hHeap=0x6d0000) returned 1 [0030.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.003] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 1 [0030.003] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="AppData", cAlternateFileName="")) returned 1 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f37e8 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6f3a78 [0030.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f37e8 | out: hHeap=0x6d0000) returned 1 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f3c00 [0030.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6f3d18 [0030.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3c00 | out: hHeap=0x6d0000) returned 1 [0030.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0030.004] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 1 [0030.004] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="Roaming", cAlternateFileName="")) returned 1 [0030.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6f3c00 [0030.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x196) returned 0x6ea818 [0030.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3c00 | out: hHeap=0x6d0000) returned 1 [0030.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f3eb8 [0030.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6ea9b8 [0030.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3eb8 | out: hHeap=0x6d0000) returned 1 [0030.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName=".", cAlternateFileName="")) returned 0x6edac8 [0030.005] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 1 [0030.005] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0030.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f3eb8 [0030.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1ae) returned 0x6ebb78 [0030.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3eb8 | out: hHeap=0x6d0000) returned 1 [0030.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ebd30 [0030.005] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x31ce08 | out: lpFindFileData=0x31ce08*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName=".", cAlternateFileName="")) returned 0x6edb08 [0030.006] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31ce08 | out: lpFindFileData=0x31ce08*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 1 [0030.006] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31ce08 | out: lpFindFileData=0x31ce08*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="Windows", cAlternateFileName="")) returned 1 [0030.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6ece80 [0030.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1de) returned 0x6ecfc8 [0030.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ece80 | out: hHeap=0x6d0000) returned 1 [0030.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6ed1b0 [0030.006] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x31cafc | out: lpFindFileData=0x31cafc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName=".", cAlternateFileName="")) returned 0x6edb48 [0030.006] FindNextFileW (in: hFindFile=0x6edb48, lpFindFileData=0x31cafc | out: lpFindFileData=0x31cafc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 1 [0030.006] FindNextFileW (in: hFindFile=0x6edb48, lpFindFileData=0x31cafc | out: lpFindFileData=0x31cafc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0030.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6ed308 [0030.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1f6) returned 0x6ed460 [0030.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed308 | out: hHeap=0x6d0000) returned 1 [0030.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6ed660 [0030.007] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*", lpFindFileData=0x31c7f0 | out: lpFindFileData=0x31c7f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName=".", cAlternateFileName="")) returned 0x6edb88 [0030.007] FindNextFileW (in: hFindFile=0x6edb88, lpFindFileData=0x31c7f0 | out: lpFindFileData=0x31c7f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 1 [0030.007] FindNextFileW (in: hFindFile=0x6edb88, lpFindFileData=0x31c7f0 | out: lpFindFileData=0x31c7f0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="Low", cAlternateFileName="")) returned 1 [0030.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f5ec8 [0030.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x160) returned 0x6f6030 [0030.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20e) returned 0x6f6198 [0030.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6030 | out: hHeap=0x6d0000) returned 1 [0030.007] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*", lpFindFileData=0x31c4e4 | out: lpFindFileData=0x31c4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName=".", cAlternateFileName="")) returned 0x6edbc8 [0030.007] FindNextFileW (in: hFindFile=0x6edbc8, lpFindFileData=0x31c4e4 | out: lpFindFileData=0x31c4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 1 [0030.008] FindNextFileW (in: hFindFile=0x6edbc8, lpFindFileData=0x31c4e4 | out: lpFindFileData=0x31c4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="..", cAlternateFileName="")) returned 0 [0030.008] FindClose (in: hFindFile=0x6edbc8 | out: hFindFile=0x6edbc8) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6198 | out: hHeap=0x6d0000) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5ec8 | out: hHeap=0x6d0000) returned 1 [0030.008] FindNextFileW (in: hFindFile=0x6edb88, lpFindFileData=0x31c7f0 | out: lpFindFileData=0x31c7f0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="Low", cAlternateFileName="")) returned 0 [0030.008] FindClose (in: hFindFile=0x6edb88 | out: hFindFile=0x6edb88) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed660 | out: hHeap=0x6d0000) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed460 | out: hHeap=0x6d0000) returned 1 [0030.008] FindNextFileW (in: hFindFile=0x6edb48, lpFindFileData=0x31cafc | out: lpFindFileData=0x31cafc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="PrivacIE", cAlternateFileName="")) returned 0 [0030.008] FindClose (in: hFindFile=0x6edb48 | out: hFindFile=0x6edb48) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed1b0 | out: hHeap=0x6d0000) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ecfc8 | out: hHeap=0x6d0000) returned 1 [0030.008] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31ce08 | out: lpFindFileData=0x31ce08*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="Windows", cAlternateFileName="")) returned 0 [0030.008] FindClose (in: hFindFile=0x6edb08 | out: hFindFile=0x6edb08) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ebd30 | out: hHeap=0x6d0000) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ebb78 | out: hHeap=0x6d0000) returned 1 [0030.008] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31d114 | out: lpFindFileData=0x31d114*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0030.008] FindClose (in: hFindFile=0x6edac8 | out: hFindFile=0x6edac8) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea9b8 | out: hHeap=0x6d0000) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea818 | out: hHeap=0x6d0000) returned 1 [0030.008] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="Roaming", cAlternateFileName="")) returned 0 [0030.008] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3d18 | out: hHeap=0x6d0000) returned 1 [0030.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3a78 | out: hHeap=0x6d0000) returned 1 [0030.008] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="AppData", cAlternateFileName="")) returned 0 [0030.008] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f38f0 | out: hHeap=0x6d0000) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3690 | out: hHeap=0x6d0000) returned 1 [0030.009] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x50f82a50, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0 [0030.009] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f34c0 | out: hHeap=0x6d0000) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f3380 | out: hHeap=0x6d0000) returned 1 [0030.009] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x50f82a50, cFileName="Users", cAlternateFileName="")) returned 0 [0030.009] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f31d0 | out: hHeap=0x6d0000) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f30f8 | out: hHeap=0x6d0000) returned 1 [0030.009] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x337, cFileName="C", cAlternateFileName="")) returned 0 [0030.009] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2018 | out: hHeap=0x6d0000) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f1f08 | out: hHeap=0x6d0000) returned 1 [0030.009] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 0 [0030.009] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0df0 | out: hHeap=0x6d0000) returned 1 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0c70 | out: hHeap=0x6d0000) returned 1 [0030.009] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Themes", cAlternateFileName="")) returned 1 [0030.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e67f8 [0030.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e6880 [0030.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0030.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e6948 [0030.009] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0030.010] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="..", cAlternateFileName="")) returned 1 [0030.011] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d6bf40, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x70a, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Custom.theme", cAlternateFileName="CUSTOM~1.THE")) returned 1 [0030.011] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e69e0 [0030.011] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e6a78 [0030.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e69e0 | out: hHeap=0x6d0000) returned 1 [0030.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.011] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x70a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x70a, lpOverlapped=0x0) returned 1 [0030.013] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.013] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x70a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x70a, lpOverlapped=0x0) returned 1 [0030.013] CloseHandle (hObject=0x48) returned 1 [0030.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e6b58 [0030.013] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme.adv")) returned 1 [0030.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6b58 | out: hHeap=0x6d0000) returned 1 [0030.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6a78 | out: hHeap=0x6d0000) returned 1 [0030.014] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d6bf40, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x70a, dwReserved0=0x1d2dd9c, dwReserved1=0xd8d1fc80, cFileName="Custom.theme", cAlternateFileName="CUSTOM~1.THE")) returned 0 [0030.014] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0030.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6948 | out: hHeap=0x6d0000) returned 1 [0030.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6880 | out: hHeap=0x6d0000) returned 1 [0030.014] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c4d89a0, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2c4d89a0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="UsrClass.dat", cAlternateFileName="")) returned 1 [0030.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e67f8 [0030.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e6880 [0030.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0030.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0030.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6880 | out: hHeap=0x6d0000) returned 1 [0030.014] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c3ce000, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="UsrClass.dat.LOG1", cAlternateFileName="USRCLA~2.LOG")) returned 1 [0030.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e67f8 [0030.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e6880 [0030.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0030.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0030.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6880 | out: hHeap=0x6d0000) returned 1 [0030.014] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9c5705f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="UsrClass.dat.LOG2", cAlternateFileName="USRCLA~1.LOG")) returned 1 [0030.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e67f8 [0030.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e6880 [0030.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0030.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0030.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6880 | out: hHeap=0x6d0000) returned 1 [0030.015] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x962222ec, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf", cAlternateFileName="USRCLA~1.BLF")) returned 1 [0030.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e67f8 [0030.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e6880 [0030.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0030.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0030.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6880 | out: hHeap=0x6d0000) returned 1 [0030.015] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="USRCLA~2.REG")) returned 1 [0030.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e67f8 [0030.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e6880 [0030.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0030.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0030.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6880 | out: hHeap=0x6d0000) returned 1 [0030.015] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="USRCLA~1.REG")) returned 1 [0030.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e67f8 [0030.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e6880 [0030.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0030.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0030.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6880 | out: hHeap=0x6d0000) returned 1 [0030.015] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="WER", cAlternateFileName="")) returned 1 [0030.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e67f8 [0030.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e6880 [0030.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0030.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e6948 [0030.016] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x360066, dwReserved1=0x370064, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0030.016] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x360066, dwReserved1=0x370064, cFileName="..", cAlternateFileName="")) returned 1 [0030.016] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x360066, dwReserved1=0x370064, cFileName="ERC", cAlternateFileName="")) returned 1 [0030.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e69e0 [0030.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e6a78 [0030.016] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\ERC\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0030.016] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="..", cAlternateFileName="")) returned 1 [0030.016] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="..", cAlternateFileName="")) returned 0 [0030.016] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0030.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6a78 | out: hHeap=0x6d0000) returned 1 [0030.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e69e0 | out: hHeap=0x6d0000) returned 1 [0030.016] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x360066, dwReserved1=0x370064, cFileName="ReportArchive", cAlternateFileName="REPORT~1")) returned 1 [0030.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e69e0 [0030.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e6a78 [0030.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e69e0 | out: hHeap=0x6d0000) returned 1 [0030.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e6b58 [0030.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e6c00 [0030.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6b58 | out: hHeap=0x6d0000) returned 1 [0030.017] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\ReportArchive\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0030.017] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="..", cAlternateFileName="")) returned 1 [0030.017] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="..", cAlternateFileName="")) returned 0 [0030.017] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0030.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6c00 | out: hHeap=0x6d0000) returned 1 [0030.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6a78 | out: hHeap=0x6d0000) returned 1 [0030.017] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x360066, dwReserved1=0x370064, cFileName="ReportArchive", cAlternateFileName="REPORT~1")) returned 0 [0030.017] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0030.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6948 | out: hHeap=0x6d0000) returned 1 [0030.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6880 | out: hHeap=0x6d0000) returned 1 [0030.017] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa734ff0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xa734ff0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xa734ff0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="WindowsUpdate.log", cAlternateFileName="WINDOW~1.LOG")) returned 1 [0030.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e67f8 [0030.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e6880 [0030.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67f8 | out: hHeap=0x6d0000) returned 1 [0030.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.019] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.019] CloseHandle (hObject=0x44) returned 1 [0030.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e6948 [0030.019] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log.adv")) returned 1 [0030.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6948 | out: hHeap=0x6d0000) returned 1 [0030.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6880 | out: hHeap=0x6d0000) returned 1 [0030.020] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa734ff0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xa734ff0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xa734ff0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="WindowsUpdate.log", cAlternateFileName="WINDOW~1.LOG")) returned 0 [0030.020] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0030.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0030.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0030.020] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0030.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0030.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0030.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0030.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0030.020] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0030.023] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0030.023] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x5e4, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cAlternateFileName="ACCOUN~3.OEA")) returned 1 [0030.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6efc88 [0030.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.023] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5e4, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x5e4, lpOverlapped=0x0) returned 1 [0030.025] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.025] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5e4, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x5e4, lpOverlapped=0x0) returned 1 [0030.025] CloseHandle (hObject=0x44) returned 1 [0030.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6efd90 [0030.025] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.adv")) returned 1 [0030.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd90 | out: hHeap=0x6d0000) returned 1 [0030.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.026] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf657b4d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2a0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cAlternateFileName="ACCOUN~2.OEA")) returned 1 [0030.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.026] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6efc88 [0030.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.026] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2a0, lpOverlapped=0x0) returned 1 [0030.027] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.027] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2a0, lpOverlapped=0x0) returned 1 [0030.028] CloseHandle (hObject=0x44) returned 1 [0030.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6efd90 [0030.028] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.adv")) returned 1 [0030.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd90 | out: hHeap=0x6d0000) returned 1 [0030.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.028] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67b6975, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x6c8, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cAlternateFileName="ACCOUN~1.OEA")) returned 1 [0030.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6efc88 [0030.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.029] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6c8, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x6c8, lpOverlapped=0x0) returned 1 [0030.033] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.033] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6c8, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x6c8, lpOverlapped=0x0) returned 1 [0030.033] CloseHandle (hObject=0x44) returned 1 [0030.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6efd90 [0030.033] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.adv")) returned 1 [0030.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd90 | out: hHeap=0x6d0000) returned 1 [0030.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.034] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b9ed580, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9ed580, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Backup", cAlternateFileName="")) returned 1 [0030.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efd68 [0030.034] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b9ed580, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9ed580, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfc, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0030.034] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b9ed580, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9ed580, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfc, cFileName="..", cAlternateFileName="")) returned 1 [0030.034] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfc, cFileName="old", cAlternateFileName="")) returned 1 [0030.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efeb8 [0030.034] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2b9ed580, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0030.036] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2b9ed580, cFileName="..", cAlternateFileName="")) returned 1 [0030.036] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f2de8d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1d2dd9c, dwReserved1=0x2b9ed580, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0030.036] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eff60 [0030.036] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0008 [0030.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eff60 | out: hHeap=0x6d0000) returned 1 [0030.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0030.036] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x200000, lpOverlapped=0x0) returned 1 [0030.066] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.066] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x200000, lpOverlapped=0x0) returned 1 [0030.073] CloseHandle (hObject=0x4c) returned 1 [0030.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0100 [0030.073] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log.adv")) returned 1 [0030.074] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0100 | out: hHeap=0x6d0000) returned 1 [0030.074] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0008 | out: hHeap=0x6d0000) returned 1 [0030.074] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2ab7545, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x206000, dwReserved0=0x1d2dd9c, dwReserved1=0x2b9ed580, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0030.074] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eff60 [0030.074] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0008 [0030.074] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eff60 | out: hHeap=0x6d0000) returned 1 [0030.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0030.074] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x206000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x206000, lpOverlapped=0x0) returned 1 [0030.110] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.110] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x206000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x206000, lpOverlapped=0x0) returned 1 [0030.134] CloseHandle (hObject=0x4c) returned 1 [0030.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0100 [0030.134] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore.adv")) returned 1 [0030.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0100 | out: hHeap=0x6d0000) returned 1 [0030.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0008 | out: hHeap=0x6d0000) returned 1 [0030.135] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dd9c, dwReserved1=0x2b9ed580, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0030.135] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eff60 [0030.135] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0008 [0030.135] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eff60 | out: hHeap=0x6d0000) returned 1 [0030.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0030.135] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0030.137] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.137] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0030.137] CloseHandle (hObject=0x4c) returned 1 [0030.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0100 [0030.137] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat.adv")) returned 1 [0030.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0100 | out: hHeap=0x6d0000) returned 1 [0030.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0008 | out: hHeap=0x6d0000) returned 1 [0030.138] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dd9c, dwReserved1=0x2b9ed580, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0030.138] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0030.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.138] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfc, cFileName="old", cAlternateFileName="")) returned 0 [0030.138] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0030.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.138] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0030.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.138] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2000, lpOverlapped=0x0) returned 1 [0030.140] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.140] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2000, lpOverlapped=0x0) returned 1 [0030.140] CloseHandle (hObject=0x44) returned 1 [0030.140] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efd68 [0030.140] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk.adv")) returned 1 [0030.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.141] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="edb.log", cAlternateFileName="")) returned 1 [0030.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.141] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0030.218] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.218] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0030.226] CloseHandle (hObject=0x44) returned 1 [0030.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efd68 [0030.226] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log.adv")) returned 1 [0030.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.227] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b29966, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0030.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.227] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0030.368] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.368] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0030.375] CloseHandle (hObject=0x44) returned 1 [0030.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6efd68 [0030.375] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log.adv")) returned 1 [0030.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.376] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2027392, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="edbres00001.jrs", cAlternateFileName="EDBRES~2.JRS")) returned 1 [0030.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.377] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0030.409] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.409] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0030.415] CloseHandle (hObject=0x44) returned 1 [0030.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6efd68 [0030.416] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs.adv")) returned 1 [0030.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.416] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2216575, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="edbres00002.jrs", cAlternateFileName="EDBRES~1.JRS")) returned 1 [0030.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.418] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0030.453] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.453] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0030.460] CloseHandle (hObject=0x44) returned 1 [0030.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6efd68 [0030.460] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs.adv")) returned 1 [0030.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.463] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="oeold.xml", cAlternateFileName="")) returned 1 [0030.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.463] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.463] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x104, lpOverlapped=0x0) returned 1 [0030.464] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.464] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x104, lpOverlapped=0x0) returned 1 [0030.464] CloseHandle (hObject=0x44) returned 1 [0030.464] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6efd68 [0030.464] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml.adv")) returned 1 [0030.467] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.467] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.467] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0030.467] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.467] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.467] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.467] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efd68 [0030.467] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x117, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0030.476] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x117, cFileName="..", cAlternateFileName="")) returned 1 [0030.476] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xcdfff30e, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x117, cFileName="Bears.htm", cAlternateFileName="")) returned 1 [0030.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.477] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xff, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xff, lpOverlapped=0x0) returned 1 [0030.478] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.478] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xff, lpOverlapped=0x0) returned 1 [0030.478] CloseHandle (hObject=0x48) returned 1 [0030.478] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.478] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm.adv")) returned 1 [0030.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.479] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa352261, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x117, cFileName="Bears.jpg", cAlternateFileName="")) returned 1 [0030.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.479] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.480] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x432, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x432, lpOverlapped=0x0) returned 1 [0030.481] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.481] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x432, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x432, lpOverlapped=0x0) returned 1 [0030.481] CloseHandle (hObject=0x48) returned 1 [0030.481] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.481] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.adv")) returned 1 [0030.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.482] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7bf1d2d9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x285, dwReserved0=0x0, dwReserved1=0x117, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0030.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.482] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x285, lpOverlapped=0x0) returned 1 [0030.483] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.483] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x285, lpOverlapped=0x0) returned 1 [0030.484] CloseHandle (hObject=0x48) returned 1 [0030.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.484] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini.adv")) returned 1 [0030.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.485] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce04b5c8, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe7, dwReserved0=0x0, dwReserved1=0x117, cFileName="Garden.htm", cAlternateFileName="")) returned 1 [0030.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.485] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe7, lpOverlapped=0x0) returned 1 [0030.486] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.486] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe7, lpOverlapped=0x0) returned 1 [0030.487] CloseHandle (hObject=0x48) returned 1 [0030.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.487] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm.adv")) returned 1 [0030.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.487] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa410937, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x5d3f, dwReserved0=0x0, dwReserved1=0x117, cFileName="Garden.jpg", cAlternateFileName="")) returned 1 [0030.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.488] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5d3f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5d3f, lpOverlapped=0x0) returned 1 [0030.489] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.489] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5d3f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5d3f, lpOverlapped=0x0) returned 1 [0030.490] CloseHandle (hObject=0x48) returned 1 [0030.490] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.490] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.adv")) returned 1 [0030.490] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.490] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.490] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce071725, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x117, cFileName="Green Bubbles.htm", cAlternateFileName="GREENB~1.HTM")) returned 1 [0030.490] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.490] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.490] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.491] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0030.493] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.493] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0030.493] CloseHandle (hObject=0x48) returned 1 [0030.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6effb0 [0030.493] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm.adv")) returned 1 [0030.494] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.494] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.494] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa436a95, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1906, dwReserved0=0x0, dwReserved1=0x117, cFileName="GreenBubbles.jpg", cAlternateFileName="GREENB~1.JPG")) returned 1 [0030.494] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.494] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.494] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.494] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1906, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1906, lpOverlapped=0x0) returned 1 [0030.496] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.496] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1906, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1906, lpOverlapped=0x0) returned 1 [0030.496] CloseHandle (hObject=0x48) returned 1 [0030.496] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6effb0 [0030.496] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.adv")) returned 1 [0030.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.497] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0bd9df, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x117, cFileName="Hand Prints.htm", cAlternateFileName="HANDPR~1.HTM")) returned 1 [0030.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.497] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xeb, lpOverlapped=0x0) returned 1 [0030.498] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.498] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xeb, lpOverlapped=0x0) returned 1 [0030.498] CloseHandle (hObject=0x48) returned 1 [0030.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6effb0 [0030.498] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm.adv")) returned 1 [0030.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.499] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa45cbf3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x107e, dwReserved0=0x0, dwReserved1=0x117, cFileName="HandPrints.jpg", cAlternateFileName="HANDPR~1.JPG")) returned 1 [0030.499] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.499] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.499] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x107e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x107e, lpOverlapped=0x0) returned 1 [0030.501] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.501] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x107e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x107e, lpOverlapped=0x0) returned 1 [0030.501] CloseHandle (hObject=0x48) returned 1 [0030.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6effb0 [0030.501] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.adv")) returned 1 [0030.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.502] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0e3b3c, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x117, cFileName="Orange Circles.htm", cAlternateFileName="ORANGE~1.HTM")) returned 1 [0030.502] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.502] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.503] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0030.504] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.504] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0030.504] CloseHandle (hObject=0x48) returned 1 [0030.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6effb0 [0030.504] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm.adv")) returned 1 [0030.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.505] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa4cf00d, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x117, cFileName="OrangeCircles.jpg", cAlternateFileName="ORANGE~1.JPG")) returned 1 [0030.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.506] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18ed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18ed, lpOverlapped=0x0) returned 1 [0030.507] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.507] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18ed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18ed, lpOverlapped=0x0) returned 1 [0030.508] CloseHandle (hObject=0x48) returned 1 [0030.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6effb0 [0030.508] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.adv")) returned 1 [0030.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.508] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce109c99, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x117, cFileName="Peacock.htm", cAlternateFileName="")) returned 1 [0030.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.509] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe8, lpOverlapped=0x0) returned 1 [0030.510] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.510] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe8, lpOverlapped=0x0) returned 1 [0030.510] CloseHandle (hObject=0x48) returned 1 [0030.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.510] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm.adv")) returned 1 [0030.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.511] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa51b2c9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x13fb, dwReserved0=0x0, dwReserved1=0x117, cFileName="Peacock.jpg", cAlternateFileName="")) returned 1 [0030.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.511] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13fb, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x13fb, lpOverlapped=0x0) returned 1 [0030.513] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.513] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13fb, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x13fb, lpOverlapped=0x0) returned 1 [0030.513] CloseHandle (hObject=0x48) returned 1 [0030.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.513] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.adv")) returned 1 [0030.514] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.514] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.514] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce12fdf6, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x117, cFileName="Roses.htm", cAlternateFileName="")) returned 1 [0030.514] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.514] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.514] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.515] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe9, lpOverlapped=0x0) returned 1 [0030.516] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.516] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe9, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe9, lpOverlapped=0x0) returned 1 [0030.516] CloseHandle (hObject=0x48) returned 1 [0030.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.516] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm.adv")) returned 1 [0030.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.517] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa567585, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x780, dwReserved0=0x0, dwReserved1=0x117, cFileName="Roses.jpg", cAlternateFileName="")) returned 1 [0030.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.517] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x780, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x780, lpOverlapped=0x0) returned 1 [0030.519] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.519] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x780, lpOverlapped=0x0) returned 1 [0030.519] CloseHandle (hObject=0x48) returned 1 [0030.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.519] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.adv")) returned 1 [0030.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.520] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce17c0b0, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x117, cFileName="Shades of Blue.htm", cAlternateFileName="SHADES~1.HTM")) returned 1 [0030.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.520] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0030.521] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.521] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0030.521] CloseHandle (hObject=0x48) returned 1 [0030.521] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6effb0 [0030.521] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm.adv")) returned 1 [0030.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.522] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa58d6e3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x127e, dwReserved0=0x0, dwReserved1=0x117, cFileName="ShadesOfBlue.jpg", cAlternateFileName="SHADES~1.JPG")) returned 1 [0030.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.522] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x127e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x127e, lpOverlapped=0x0) returned 1 [0030.524] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.524] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x127e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x127e, lpOverlapped=0x0) returned 1 [0030.524] CloseHandle (hObject=0x48) returned 1 [0030.524] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6effb0 [0030.524] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.adv")) returned 1 [0030.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.525] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1a220d, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x117, cFileName="Soft Blue.htm", cAlternateFileName="SOFTBL~1.HTM")) returned 1 [0030.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.525] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe8, lpOverlapped=0x0) returned 1 [0030.526] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.526] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe8, lpOverlapped=0x0) returned 1 [0030.526] CloseHandle (hObject=0x48) returned 1 [0030.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.527] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm.adv")) returned 1 [0030.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.527] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5b3841, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x2949, dwReserved0=0x0, dwReserved1=0x117, cFileName="SoftBlue.jpg", cAlternateFileName="")) returned 1 [0030.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.528] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2949, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2949, lpOverlapped=0x0) returned 1 [0030.530] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.530] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2949, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2949, lpOverlapped=0x0) returned 1 [0030.530] CloseHandle (hObject=0x48) returned 1 [0030.530] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.530] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.adv")) returned 1 [0030.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.531] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1c836a, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x117, cFileName="Stars.htm", cAlternateFileName="")) returned 1 [0030.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.531] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe6, lpOverlapped=0x0) returned 1 [0030.532] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.532] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe6, lpOverlapped=0x0) returned 1 [0030.532] CloseHandle (hObject=0x48) returned 1 [0030.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.532] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm.adv")) returned 1 [0030.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.533] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x117, cFileName="Stars.jpg", cAlternateFileName="")) returned 1 [0030.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.533] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d51, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d51, lpOverlapped=0x0) returned 1 [0030.535] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.535] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d51, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d51, lpOverlapped=0x0) returned 1 [0030.535] CloseHandle (hObject=0x48) returned 1 [0030.535] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.535] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.adv")) returned 1 [0030.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.536] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x117, cFileName="Stars.jpg", cAlternateFileName="")) returned 0 [0030.536] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0030.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.536] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0030.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.536] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x204000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x204000, lpOverlapped=0x0) returned 1 [0030.572] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.572] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x204000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x204000, lpOverlapped=0x0) returned 1 [0030.596] CloseHandle (hObject=0x44) returned 1 [0030.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6efd68 [0030.597] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore.adv")) returned 1 [0030.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.597] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9a12c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0030.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.603] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.603] CloseHandle (hObject=0x44) returned 1 [0030.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6efd68 [0030.603] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat.adv")) returned 1 [0030.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.604] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9a12c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0030.604] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0030.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0030.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0030.604] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0030.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0030.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0030.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0030.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0030.604] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0030.605] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0030.605] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="12.0", cAlternateFileName="")) returned 1 [0030.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.605] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efd68 [0030.605] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0030.605] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="..", cAlternateFileName="")) returned 1 [0030.605] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1f2, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="WMSDKNS.DTD", cAlternateFileName="")) returned 1 [0030.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.606] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1f2, lpOverlapped=0x0) returned 1 [0030.606] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.606] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1f2, lpOverlapped=0x0) returned 1 [0030.607] CloseHandle (hObject=0x48) returned 1 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.607] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd.adv")) returned 1 [0030.607] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 1 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efe10 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6efeb8 [0030.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efe10 | out: hHeap=0x6d0000) returned 1 [0030.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0030.608] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x27cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x27cf, lpOverlapped=0x0) returned 1 [0030.610] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.610] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x27cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x27cf, lpOverlapped=0x0) returned 1 [0030.610] CloseHandle (hObject=0x48) returned 1 [0030.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6effb0 [0030.611] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.adv")) returned 1 [0030.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6effb0 | out: hHeap=0x6d0000) returned 1 [0030.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efeb8 | out: hHeap=0x6d0000) returned 1 [0030.611] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28d257a0, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 0 [0030.611] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0030.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.611] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="12.0", cAlternateFileName="")) returned 0 [0030.611] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0030.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0030.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0030.611] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0030.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6efa30 [0030.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6efaa8 [0030.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efa30 | out: hHeap=0x6d0000) returned 1 [0030.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efb58 [0030.612] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0030.612] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="..", cAlternateFileName="")) returned 1 [0030.612] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Gadgets", cAlternateFileName="")) returned 1 [0030.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6efd68 [0030.612] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28de3e80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0030.612] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28de3e80, cFileName="..", cAlternateFileName="")) returned 1 [0030.612] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28de3e80, cFileName="..", cAlternateFileName="")) returned 0 [0030.612] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0030.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.612] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0030.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6efbf0 [0030.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6efc88 [0030.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efbf0 | out: hHeap=0x6d0000) returned 1 [0030.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0030.614] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x54, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x54, lpOverlapped=0x0) returned 1 [0030.614] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.614] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x54, lpOverlapped=0x0) returned 1 [0030.615] CloseHandle (hObject=0x44) returned 1 [0030.615] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.adv")) returned 1 [0030.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efd68 | out: hHeap=0x6d0000) returned 1 [0030.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efc88 | out: hHeap=0x6d0000) returned 1 [0030.615] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x1d2dd9c, dwReserved1=0x962f4540, cFileName="Settings.ini", cAlternateFileName="")) returned 0 [0030.615] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efb58 | out: hHeap=0x6d0000) returned 1 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6efaa8 | out: hHeap=0x6d0000) returned 1 [0030.616] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0030.616] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9b0 | out: hHeap=0x6d0000) returned 1 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee918 | out: hHeap=0x6d0000) returned 1 [0030.616] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0030.616] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0030.616] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="..", cAlternateFileName="")) returned 1 [0030.616] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="..", cAlternateFileName="")) returned 0 [0030.616] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9b0 | out: hHeap=0x6d0000) returned 1 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee918 | out: hHeap=0x6d0000) returned 1 [0030.616] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0030.617] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0030.617] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="..", cAlternateFileName="")) returned 1 [0030.617] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Firefox", cAlternateFileName="")) returned 1 [0030.617] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0030.617] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0030.619] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="..", cAlternateFileName="")) returned 1 [0030.619] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="Profiles", cAlternateFileName="")) returned 1 [0030.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eebd8 | out: hHeap=0x6d0000) returned 1 [0030.619] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0030.619] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="..", cAlternateFileName="")) returned 1 [0030.619] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0030.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eedc0 | out: hHeap=0x6d0000) returned 1 [0030.620] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0030.622] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="..", cAlternateFileName="")) returned 1 [0030.622] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="Cache", cAlternateFileName="")) returned 1 [0030.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeff0 | out: hHeap=0x6d0000) returned 1 [0030.622] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0030.624] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="..", cAlternateFileName="")) returned 1 [0030.624] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="0", cAlternateFileName="")) returned 1 [0030.624] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.625] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.625] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="98", cAlternateFileName="")) returned 1 [0030.625] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.625] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81eff750, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.625] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81eff750, cFileName="..", cAlternateFileName="")) returned 1 [0030.626] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8cd19f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xb67e, dwReserved0=0x1d2dda4, dwReserved1=0x81eff750, cFileName="B60F3d01", cAlternateFileName="")) returned 1 [0030.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.626] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb67e, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xb67e, lpOverlapped=0x0) returned 1 [0030.628] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.628] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb67e, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xb67e, lpOverlapped=0x0) returned 1 [0030.629] CloseHandle (hObject=0x58) returned 1 [0030.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.629] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01.adv")) returned 1 [0030.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.629] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8cd19f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xb67e, dwReserved0=0x1d2dda4, dwReserved1=0x81eff750, cFileName="B60F3d01", cAlternateFileName="")) returned 0 [0030.629] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.629] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="A8", cAlternateFileName="")) returned 1 [0030.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.630] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81eff750, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.630] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81eff750, cFileName="..", cAlternateFileName="")) returned 1 [0030.630] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4898, dwReserved0=0x1d2dda4, dwReserved1=0x81eff750, cFileName="C3B7Bd01", cAlternateFileName="")) returned 1 [0030.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.631] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.631] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4898, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x4898, lpOverlapped=0x0) returned 1 [0030.633] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.633] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4898, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x4898, lpOverlapped=0x0) returned 1 [0030.634] CloseHandle (hObject=0x58) returned 1 [0030.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.634] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01.adv")) returned 1 [0030.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.634] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4898, dwReserved0=0x1d2dda4, dwReserved1=0x81eff750, cFileName="C3B7Bd01", cAlternateFileName="")) returned 0 [0030.634] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.634] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="A8", cAlternateFileName="")) returned 0 [0030.634] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.635] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="1", cAlternateFileName="")) returned 1 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.635] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.635] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.635] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="0B", cAlternateFileName="")) returned 1 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.635] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.635] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName="..", cAlternateFileName="")) returned 1 [0030.635] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x204fd, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName="FCBF5d01", cAlternateFileName="")) returned 1 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.636] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x204fd, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x204fd, lpOverlapped=0x0) returned 1 [0030.640] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.640] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x204fd, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x204fd, lpOverlapped=0x0) returned 1 [0030.640] CloseHandle (hObject=0x58) returned 1 [0030.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.640] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01.adv")) returned 1 [0030.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.641] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x204fd, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName="FCBF5d01", cAlternateFileName="")) returned 0 [0030.641] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.641] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="C2", cAlternateFileName="")) returned 1 [0030.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.641] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.642] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName="..", cAlternateFileName="")) returned 1 [0030.642] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8272e2f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xaa05, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName="0B619d01", cAlternateFileName="")) returned 1 [0030.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.642] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaa05, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xaa05, lpOverlapped=0x0) returned 1 [0030.644] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.645] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaa05, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xaa05, lpOverlapped=0x0) returned 1 [0030.645] CloseHandle (hObject=0x58) returned 1 [0030.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.645] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01.adv")) returned 1 [0030.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.646] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8272e2f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xaa05, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName="0B619d01", cAlternateFileName="")) returned 0 [0030.646] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.646] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="F6", cAlternateFileName="")) returned 1 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.646] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.646] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName="..", cAlternateFileName="")) returned 1 [0030.646] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa60b, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName="CBD4Dd01", cAlternateFileName="")) returned 1 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.647] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa60b, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xa60b, lpOverlapped=0x0) returned 1 [0030.649] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.649] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa60b, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xa60b, lpOverlapped=0x0) returned 1 [0030.649] CloseHandle (hObject=0x58) returned 1 [0030.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.649] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01.adv")) returned 1 [0030.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.650] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa60b, dwReserved0=0x1d2dda4, dwReserved1=0x826bbed0, cFileName="CBD4Dd01", cAlternateFileName="")) returned 0 [0030.650] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.650] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="F6", cAlternateFileName="")) returned 0 [0030.650] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.650] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="2", cAlternateFileName="")) returned 1 [0030.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.650] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.651] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.651] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 0 [0030.651] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.651] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.651] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.651] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="3", cAlternateFileName="")) returned 1 [0030.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.651] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.652] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.652] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="4B", cAlternateFileName="")) returned 1 [0030.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.652] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb727c690, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.653] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb727c690, cFileName="..", cAlternateFileName="")) returned 1 [0030.653] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb72eeab0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x20543, dwReserved0=0x1d2dda4, dwReserved1=0xb727c690, cFileName="1D8FDd01", cAlternateFileName="")) returned 1 [0030.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.653] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.654] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20543, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x20543, lpOverlapped=0x0) returned 1 [0030.657] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.657] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20543, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x20543, lpOverlapped=0x0) returned 1 [0030.657] CloseHandle (hObject=0x58) returned 1 [0030.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.658] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01.adv")) returned 1 [0030.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.658] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb72eeab0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x20543, dwReserved0=0x1d2dda4, dwReserved1=0xb727c690, cFileName="1D8FDd01", cAlternateFileName="")) returned 0 [0030.658] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.658] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="4B", cAlternateFileName="")) returned 0 [0030.658] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.658] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="4", cAlternateFileName="")) returned 1 [0030.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.658] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.659] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.659] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 0 [0030.659] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.659] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="5", cAlternateFileName="")) returned 1 [0030.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.659] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.660] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.660] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 0 [0030.660] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.660] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="6", cAlternateFileName="")) returned 1 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.660] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.660] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.660] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 0 [0030.660] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.660] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="7", cAlternateFileName="")) returned 1 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.660] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.661] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.661] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 0 [0030.661] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.661] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="8", cAlternateFileName="")) returned 1 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.662] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.662] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 0 [0030.662] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.662] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="9", cAlternateFileName="")) returned 1 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.663] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.663] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="10", cAlternateFileName="")) returned 1 [0030.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.663] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.664] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="..", cAlternateFileName="")) returned 1 [0030.664] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x534f, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="16A09d01", cAlternateFileName="")) returned 1 [0030.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.664] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x534f, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x534f, lpOverlapped=0x0) returned 1 [0030.666] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.666] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x534f, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x534f, lpOverlapped=0x0) returned 1 [0030.666] CloseHandle (hObject=0x58) returned 1 [0030.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.666] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01.adv")) returned 1 [0030.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.667] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x534f, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="16A09d01", cAlternateFileName="")) returned 0 [0030.667] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.667] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="2C", cAlternateFileName="")) returned 1 [0030.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.667] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.668] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="..", cAlternateFileName="")) returned 1 [0030.668] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7dcaf10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x133d5, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="24B53d01", cAlternateFileName="")) returned 1 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.669] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x133d5, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x133d5, lpOverlapped=0x0) returned 1 [0030.671] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.671] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x133d5, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x133d5, lpOverlapped=0x0) returned 1 [0030.671] CloseHandle (hObject=0x58) returned 1 [0030.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.671] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01.adv")) returned 1 [0030.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.672] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7dcaf10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x133d5, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="24B53d01", cAlternateFileName="")) returned 0 [0030.672] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.672] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="61", cAlternateFileName="")) returned 1 [0030.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.672] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.672] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="..", cAlternateFileName="")) returned 1 [0030.672] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fba0f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa949, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="28E95d01", cAlternateFileName="")) returned 1 [0030.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.673] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa949, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xa949, lpOverlapped=0x0) returned 1 [0030.675] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.675] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa949, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xa949, lpOverlapped=0x0) returned 1 [0030.675] CloseHandle (hObject=0x58) returned 1 [0030.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.675] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01.adv")) returned 1 [0030.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.676] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fba0f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa949, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="28E95d01", cAlternateFileName="")) returned 0 [0030.676] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.676] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="E0", cAlternateFileName="")) returned 1 [0030.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.676] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.677] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="..", cAlternateFileName="")) returned 1 [0030.677] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x404f, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="F17B2d01", cAlternateFileName="")) returned 1 [0030.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.677] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x404f, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x404f, lpOverlapped=0x0) returned 1 [0030.679] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.679] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x404f, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x404f, lpOverlapped=0x0) returned 1 [0030.679] CloseHandle (hObject=0x58) returned 1 [0030.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.680] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01.adv")) returned 1 [0030.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.680] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x404f, dwReserved0=0x1d2dda4, dwReserved1=0x81e8d330, cFileName="F17B2d01", cAlternateFileName="")) returned 0 [0030.680] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.680] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="E0", cAlternateFileName="")) returned 0 [0030.680] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.680] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="A", cAlternateFileName="")) returned 1 [0030.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.681] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.681] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.681] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 0 [0030.681] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.681] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="B", cAlternateFileName="")) returned 1 [0030.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.681] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.684] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.684] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 0 [0030.684] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.684] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="C", cAlternateFileName="")) returned 1 [0030.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.684] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.685] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.685] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="E6", cAlternateFileName="")) returned 1 [0030.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.685] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7eaf750, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.685] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7eaf750, cFileName="..", cAlternateFileName="")) returned 1 [0030.685] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f21b70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x21839, dwReserved0=0x1d2dda4, dwReserved1=0xb7eaf750, cFileName="9DCB7d01", cAlternateFileName="")) returned 1 [0030.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.685] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21839, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x21839, lpOverlapped=0x0) returned 1 [0030.688] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.688] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21839, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x21839, lpOverlapped=0x0) returned 1 [0030.689] CloseHandle (hObject=0x58) returned 1 [0030.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.689] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01.adv")) returned 1 [0030.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.689] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f21b70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x21839, dwReserved0=0x1d2dda4, dwReserved1=0xb7eaf750, cFileName="9DCB7d01", cAlternateFileName="")) returned 0 [0030.689] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.690] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="E6", cAlternateFileName="")) returned 0 [0030.690] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.690] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.690] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.690] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="D", cAlternateFileName="")) returned 1 [0030.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.690] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.690] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.691] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="08", cAlternateFileName="")) returned 1 [0030.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.691] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e671d0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.691] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x81e671d0, cFileName="..", cAlternateFileName="")) returned 1 [0030.692] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8266, dwReserved0=0x1d2dda4, dwReserved1=0x81e671d0, cFileName="71469d01", cAlternateFileName="")) returned 1 [0030.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.692] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8266, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x8266, lpOverlapped=0x0) returned 1 [0030.694] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.694] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8266, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x8266, lpOverlapped=0x0) returned 1 [0030.694] CloseHandle (hObject=0x58) returned 1 [0030.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.694] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01.adv")) returned 1 [0030.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.695] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8266, dwReserved0=0x1d2dda4, dwReserved1=0x81e671d0, cFileName="71469d01", cAlternateFileName="")) returned 0 [0030.695] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.695] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="08", cAlternateFileName="")) returned 0 [0030.695] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.695] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="E", cAlternateFileName="")) returned 1 [0030.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.695] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.696] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.696] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="69", cAlternateFileName="")) returned 1 [0030.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.696] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7f6de30, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.696] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7f6de30, cFileName="..", cAlternateFileName="")) returned 1 [0030.696] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb80063b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10d22, dwReserved0=0x1d2dda4, dwReserved1=0xb7f6de30, cFileName="885EEd01", cAlternateFileName="")) returned 1 [0030.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.696] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10d22, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x10d22, lpOverlapped=0x0) returned 1 [0030.699] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.699] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10d22, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x10d22, lpOverlapped=0x0) returned 1 [0030.699] CloseHandle (hObject=0x58) returned 1 [0030.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.699] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01.adv")) returned 1 [0030.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.700] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb80063b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10d22, dwReserved0=0x1d2dda4, dwReserved1=0xb7f6de30, cFileName="885EEd01", cAlternateFileName="")) returned 0 [0030.700] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.700] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="69", cAlternateFileName="")) returned 0 [0030.700] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.700] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="F", cAlternateFileName="")) returned 1 [0030.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef348 [0030.700] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0030.701] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="..", cAlternateFileName="")) returned 1 [0030.701] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="23", cAlternateFileName="")) returned 1 [0030.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x82329dd0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.701] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x82329dd0, cFileName="..", cAlternateFileName="")) returned 1 [0030.702] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fe0250, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf888, dwReserved0=0x1d2dda4, dwReserved1=0x82329dd0, cFileName="7E0FEd01", cAlternateFileName="")) returned 1 [0030.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.702] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.702] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf888, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xf888, lpOverlapped=0x0) returned 1 [0030.704] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.704] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf888, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xf888, lpOverlapped=0x0) returned 1 [0030.704] CloseHandle (hObject=0x58) returned 1 [0030.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.704] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01.adv")) returned 1 [0030.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.705] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fe0250, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf888, dwReserved0=0x1d2dda4, dwReserved1=0x82329dd0, cFileName="7E0FEd01", cAlternateFileName="")) returned 0 [0030.705] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.705] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="F0", cAlternateFileName="")) returned 1 [0030.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef410 [0030.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef4d8 [0030.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef410 | out: hHeap=0x6d0000) returned 1 [0030.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef600 [0030.705] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x82329dd0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0030.706] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x82329dd0, cFileName="..", cAlternateFileName="")) returned 1 [0030.706] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x823c2350, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa80f, dwReserved0=0x1d2dda4, dwReserved1=0x82329dd0, cFileName="ECB2Dd01", cAlternateFileName="")) returned 1 [0030.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef6d8 [0030.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef7b0 [0030.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef6d8 | out: hHeap=0x6d0000) returned 1 [0030.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0030.706] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa80f, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xa80f, lpOverlapped=0x0) returned 1 [0030.708] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.709] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa80f, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xa80f, lpOverlapped=0x0) returned 1 [0030.709] CloseHandle (hObject=0x58) returned 1 [0030.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef8f0 [0030.709] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01.adv")) returned 1 [0030.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef8f0 | out: hHeap=0x6d0000) returned 1 [0030.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef7b0 | out: hHeap=0x6d0000) returned 1 [0030.709] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x823c2350, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa80f, dwReserved0=0x1d2dda4, dwReserved1=0x82329dd0, cFileName="ECB2Dd01", cAlternateFileName="")) returned 0 [0030.709] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0030.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef600 | out: hHeap=0x6d0000) returned 1 [0030.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4d8 | out: hHeap=0x6d0000) returned 1 [0030.710] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb6518ad0, cFileName="F0", cAlternateFileName="")) returned 0 [0030.710] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0030.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.710] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x851226b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="_CACHE_001_", cAlternateFileName="_CACHE~2")) returned 1 [0030.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef348 [0030.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0030.710] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x400000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x400000, lpOverlapped=0x0) returned 1 [0030.786] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.786] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x400000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x400000, lpOverlapped=0x0) returned 1 [0030.824] CloseHandle (hObject=0x50) returned 1 [0030.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef470 [0030.824] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_.adv")) returned 1 [0030.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef470 | out: hHeap=0x6d0000) returned 1 [0030.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.824] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x851e0d90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="_CACHE_002_", cAlternateFileName="_CACHE~3")) returned 1 [0030.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef348 [0030.825] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0030.826] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x400000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x400000, lpOverlapped=0x0) returned 1 [0030.899] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0030.899] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x400000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x400000, lpOverlapped=0x0) returned 1 [0030.936] CloseHandle (hObject=0x50) returned 1 [0030.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef470 [0030.936] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_.adv")) returned 1 [0030.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef470 | out: hHeap=0x6d0000) returned 1 [0030.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0030.936] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8529f470, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="_CACHE_003_", cAlternateFileName="_CACHE~4")) returned 1 [0030.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0030.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef348 [0030.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0030.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0030.938] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x400000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x400000, lpOverlapped=0x0) returned 1 [0031.012] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.012] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x400000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x400000, lpOverlapped=0x0) returned 1 [0031.050] CloseHandle (hObject=0x50) returned 1 [0031.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef470 [0031.050] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_.adv")) returned 1 [0031.057] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef470 | out: hHeap=0x6d0000) returned 1 [0031.057] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0031.057] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8535db50, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2114, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="_CACHE_MAP_", cAlternateFileName="_CACHE~1")) returned 1 [0031.057] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef280 [0031.057] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef348 [0031.057] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6d0000) returned 1 [0031.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.058] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2114, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x2114, lpOverlapped=0x0) returned 1 [0031.061] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.061] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2114, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x2114, lpOverlapped=0x0) returned 1 [0031.062] CloseHandle (hObject=0x50) returned 1 [0031.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef470 [0031.062] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_.adv")) returned 1 [0031.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef470 | out: hHeap=0x6d0000) returned 1 [0031.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef348 | out: hHeap=0x6d0000) returned 1 [0031.063] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8535db50, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2114, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="_CACHE_MAP_", cAlternateFileName="_CACHE~1")) returned 0 [0031.063] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef1b8 | out: hHeap=0x6d0000) returned 1 [0031.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0a8 | out: hHeap=0x6d0000) returned 1 [0031.063] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="OfflineCache", cAlternateFileName="OFFLIN~1")) returned 1 [0031.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eeff0 [0031.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ef0a8 [0031.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeff0 | out: hHeap=0x6d0000) returned 1 [0031.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef1b8 [0031.063] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.064] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="..", cAlternateFileName="")) returned 1 [0031.064] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbece4d60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbece4d60, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc399b820, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="index.sqlite", cAlternateFileName="INDEX~1.SQL")) returned 1 [0031.064] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.064] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.064] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x40000, lpOverlapped=0x0) returned 1 [0031.068] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.068] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x40000, lpOverlapped=0x0) returned 1 [0031.069] CloseHandle (hObject=0x50) returned 1 [0031.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6ef4a8 [0031.069] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite.adv")) returned 1 [0031.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.070] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbece4d60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbece4d60, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc399b820, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="index.sqlite", cAlternateFileName="INDEX~1.SQL")) returned 0 [0031.070] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef1b8 | out: hHeap=0x6d0000) returned 1 [0031.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0a8 | out: hHeap=0x6d0000) returned 1 [0031.070] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="safebrowsing", cAlternateFileName="SAFEBR~2")) returned 1 [0031.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eeff0 [0031.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ef0a8 [0031.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeff0 | out: hHeap=0x6d0000) returned 1 [0031.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef1b8 [0031.070] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.074] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="..", cAlternateFileName="")) returned 1 [0031.074] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x825fd7f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x825fd7f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x825fd7f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2c, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="test-malware-simple.cache", cAlternateFileName="TEST-M~1.CAC")) returned 1 [0031.074] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.074] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.074] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.074] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x2c, lpOverlapped=0x0) returned 1 [0031.075] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.075] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x2c, lpOverlapped=0x0) returned 1 [0031.076] CloseHandle (hObject=0x50) returned 1 [0031.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef4a8 [0031.076] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.adv")) returned 1 [0031.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.076] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8234ff30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="test-malware-simple.pset", cAlternateFileName="TEST-M~1.PSE")) returned 1 [0031.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.077] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0031.078] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.078] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0031.078] CloseHandle (hObject=0x50) returned 1 [0031.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef4a8 [0031.078] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.adv")) returned 1 [0031.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.079] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82376090, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82376090, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82376090, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="test-malware-simple.sbstore", cAlternateFileName="TEST-M~1.SBS")) returned 1 [0031.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.079] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xe8, lpOverlapped=0x0) returned 1 [0031.080] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.080] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xe8, lpOverlapped=0x0) returned 1 [0031.080] CloseHandle (hObject=0x50) returned 1 [0031.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef4a8 [0031.080] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.adv")) returned 1 [0031.081] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.081] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.081] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82695d70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82695d70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82695d70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2c, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="test-phish-simple.cache", cAlternateFileName="TEST-P~1.CAC")) returned 1 [0031.081] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.081] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.081] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.082] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x2c, lpOverlapped=0x0) returned 1 [0031.083] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.083] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x2c, lpOverlapped=0x0) returned 1 [0031.083] CloseHandle (hObject=0x50) returned 1 [0031.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef4a8 [0031.083] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.adv")) returned 1 [0031.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.084] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82376090, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82376090, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="test-phish-simple.pset", cAlternateFileName="TEST-P~1.PSE")) returned 1 [0031.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.084] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0031.085] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.085] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x10, lpOverlapped=0x0) returned 1 [0031.085] CloseHandle (hObject=0x50) returned 1 [0031.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef4a8 [0031.085] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.adv")) returned 1 [0031.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.086] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82649ab0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82649ab0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="test-phish-simple.sbstore", cAlternateFileName="TEST-P~1.SBS")) returned 1 [0031.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.086] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.086] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xe8, lpOverlapped=0x0) returned 1 [0031.087] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.087] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xe8, lpOverlapped=0x0) returned 1 [0031.087] CloseHandle (hObject=0x50) returned 1 [0031.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6ef4a8 [0031.087] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.adv")) returned 1 [0031.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.088] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82649ab0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82649ab0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="test-phish-simple.sbstore", cAlternateFileName="TEST-P~1.SBS")) returned 0 [0031.088] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef1b8 | out: hHeap=0x6d0000) returned 1 [0031.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0a8 | out: hHeap=0x6d0000) returned 1 [0031.088] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="startupCache", cAlternateFileName="STARTU~1")) returned 1 [0031.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eeff0 [0031.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ef0a8 [0031.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeff0 | out: hHeap=0x6d0000) returned 1 [0031.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef1b8 [0031.088] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.089] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="..", cAlternateFileName="")) returned 1 [0031.089] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x854b47b0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe59f6, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="startupCache.4.little", cAlternateFileName="STARTU~1.LIT")) returned 1 [0031.089] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.089] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.089] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.089] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe59f6, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xe59f6, lpOverlapped=0x0) returned 1 [0031.099] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.099] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe59f6, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xe59f6, lpOverlapped=0x0) returned 1 [0031.101] CloseHandle (hObject=0x50) returned 1 [0031.101] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ef4a8 [0031.101] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little.adv")) returned 1 [0031.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.102] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x854b47b0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe59f6, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="startupCache.4.little", cAlternateFileName="STARTU~1.LIT")) returned 0 [0031.102] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef1b8 | out: hHeap=0x6d0000) returned 1 [0031.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0a8 | out: hHeap=0x6d0000) returned 1 [0031.102] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="thumbnails", cAlternateFileName="THUMBN~1")) returned 1 [0031.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eeff0 [0031.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ef0a8 [0031.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeff0 | out: hHeap=0x6d0000) returned 1 [0031.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef1b8 [0031.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.105] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="..", cAlternateFileName="")) returned 1 [0031.105] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83cc0a50, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83cc0a50, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="4cc87c1409819bf06f42b782d4902b2f.png", cAlternateFileName="4CC87C~1.PNG")) returned 1 [0031.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.105] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.105] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.106] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40b0, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x40b0, lpOverlapped=0x0) returned 1 [0031.107] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.107] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40b0, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x40b0, lpOverlapped=0x0) returned 1 [0031.108] CloseHandle (hObject=0x50) returned 1 [0031.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ef4a8 [0031.108] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.adv")) returned 1 [0031.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.109] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83ce6bb0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="ba182bcd131f1f3c6b6fbbb1ba078341.png", cAlternateFileName="BA182B~1.PNG")) returned 1 [0031.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.109] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40b0, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x40b0, lpOverlapped=0x0) returned 1 [0031.111] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.111] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40b0, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x40b0, lpOverlapped=0x0) returned 1 [0031.111] CloseHandle (hObject=0x50) returned 1 [0031.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ef4a8 [0031.111] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.adv")) returned 1 [0031.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.112] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb97ade50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb97ade50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb97ade50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1c362, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="ce8c0453589216a67cddb50284fbfe8d.png", cAlternateFileName="CE8C04~1.PNG")) returned 1 [0031.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef290 [0031.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6ef368 [0031.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef290 | out: hHeap=0x6d0000) returned 1 [0031.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.114] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c362, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x1c362, lpOverlapped=0x0) returned 1 [0031.117] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.117] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c362, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x1c362, lpOverlapped=0x0) returned 1 [0031.117] CloseHandle (hObject=0x50) returned 1 [0031.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6ef4a8 [0031.117] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.adv")) returned 1 [0031.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef4a8 | out: hHeap=0x6d0000) returned 1 [0031.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef368 | out: hHeap=0x6d0000) returned 1 [0031.118] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb97ade50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb97ade50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb97ade50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1c362, dwReserved0=0x1d2dda4, dwReserved1=0x826e2030, cFileName="ce8c0453589216a67cddb50284fbfe8d.png", cAlternateFileName="CE8C04~1.PNG")) returned 0 [0031.118] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef1b8 | out: hHeap=0x6d0000) returned 1 [0031.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0a8 | out: hHeap=0x6d0000) returned 1 [0031.118] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853a9e10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="_CACHE_CLEAN_", cAlternateFileName="_CACHE~1")) returned 1 [0031.118] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eeff0 [0031.118] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ef0a8 [0031.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeff0 | out: hHeap=0x6d0000) returned 1 [0031.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0031.118] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1, lpOverlapped=0x0) returned 1 [0031.119] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.119] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1, lpOverlapped=0x0) returned 1 [0031.119] CloseHandle (hObject=0x4c) returned 1 [0031.120] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef1b8 [0031.120] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_.adv")) returned 1 [0031.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef1b8 | out: hHeap=0x6d0000) returned 1 [0031.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0a8 | out: hHeap=0x6d0000) returned 1 [0031.120] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853a9e10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="_CACHE_CLEAN_", cAlternateFileName="_CACHE~1")) returned 0 [0031.120] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef38 | out: hHeap=0x6d0000) returned 1 [0031.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee58 | out: hHeap=0x6d0000) returned 1 [0031.120] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 0 [0031.120] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eed28 | out: hHeap=0x6d0000) returned 1 [0031.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eec60 | out: hHeap=0x6d0000) returned 1 [0031.120] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="Profiles", cAlternateFileName="")) returned 0 [0031.120] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0031.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.121] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.121] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="updates", cAlternateFileName="")) returned 1 [0031.121] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.121] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.121] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.121] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eeb50 [0031.121] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0031.121] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="..", cAlternateFileName="")) returned 1 [0031.121] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="E7CF176E110C211B", cAlternateFileName="E7CF17~1")) returned 1 [0031.121] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eebd8 [0031.121] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6eec60 [0031.121] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eebd8 | out: hHeap=0x6d0000) returned 1 [0031.121] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eed28 [0031.121] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.123] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="..", cAlternateFileName="")) returned 1 [0031.123] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a2b6d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x464, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="active-update.xml", cAlternateFileName="ACTIVE~1.XML")) returned 1 [0031.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eedd0 [0031.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eee78 [0031.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eedd0 | out: hHeap=0x6d0000) returned 1 [0031.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.124] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x464, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x464, lpOverlapped=0x0) returned 1 [0031.126] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.126] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x464, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x464, lpOverlapped=0x0) returned 1 [0031.126] CloseHandle (hObject=0x48) returned 1 [0031.126] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6eef70 [0031.126] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml.adv")) returned 1 [0031.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef70 | out: hHeap=0x6d0000) returned 1 [0031.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee78 | out: hHeap=0x6d0000) returned 1 [0031.127] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="updates", cAlternateFileName="")) returned 1 [0031.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eedd0 [0031.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eee78 [0031.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eedd0 | out: hHeap=0x6d0000) returned 1 [0031.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eef70 [0031.127] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x357, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.128] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x357, cFileName="..", cAlternateFileName="")) returned 1 [0031.128] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x357, cFileName="0", cAlternateFileName="")) returned 1 [0031.128] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ef028 [0031.128] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ef0e0 [0031.128] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ef198 [0031.128] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0e0 | out: hHeap=0x6d0000) returned 1 [0031.128] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb74b7b30, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.128] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb74b7b30, cFileName="..", cAlternateFileName="")) returned 1 [0031.128] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x818016b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x927c0, dwReserved0=0x1d2dda4, dwReserved1=0xb74b7b30, cFileName="update.mar", cAlternateFileName="")) returned 1 [0031.128] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ef0e0 [0031.128] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ef2a8 [0031.128] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0e0 | out: hHeap=0x6d0000) returned 1 [0031.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.129] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x927c0, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x927c0, lpOverlapped=0x0) returned 1 [0031.136] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.136] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x927c0, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x927c0, lpOverlapped=0x0) returned 1 [0031.137] CloseHandle (hObject=0x50) returned 1 [0031.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef3b8 [0031.138] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar.adv")) returned 1 [0031.146] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef3b8 | out: hHeap=0x6d0000) returned 1 [0031.146] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef2a8 | out: hHeap=0x6d0000) returned 1 [0031.146] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80993150, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80993150, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80993150, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xc, dwReserved0=0x1d2dda4, dwReserved1=0xb74b7b30, cFileName="update.status", cAlternateFileName="UPDATE~1.STA")) returned 1 [0031.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ef0e0 [0031.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6ef2a8 [0031.146] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0e0 | out: hHeap=0x6d0000) returned 1 [0031.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0031.147] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xc, lpOverlapped=0x0) returned 1 [0031.148] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.148] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xc, lpOverlapped=0x0) returned 1 [0031.149] CloseHandle (hObject=0x50) returned 1 [0031.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef3b8 [0031.149] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status.adv")) returned 1 [0031.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef3b8 | out: hHeap=0x6d0000) returned 1 [0031.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef2a8 | out: hHeap=0x6d0000) returned 1 [0031.150] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80993150, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80993150, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80993150, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xc, dwReserved0=0x1d2dda4, dwReserved1=0xb74b7b30, cFileName="update.status", cAlternateFileName="UPDATE~1.STA")) returned 0 [0031.150] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef198 | out: hHeap=0x6d0000) returned 1 [0031.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef028 | out: hHeap=0x6d0000) returned 1 [0031.150] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x357, cFileName="0", cAlternateFileName="")) returned 0 [0031.150] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef70 | out: hHeap=0x6d0000) returned 1 [0031.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee78 | out: hHeap=0x6d0000) returned 1 [0031.150] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a9daf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8548e650, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8548e650, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="updates.xml", cAlternateFileName="")) returned 1 [0031.150] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eedd0 [0031.151] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eee78 [0031.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eedd0 | out: hHeap=0x6d0000) returned 1 [0031.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.151] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x39, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x39, lpOverlapped=0x0) returned 1 [0031.152] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.152] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x39, lpOverlapped=0x0) returned 1 [0031.152] CloseHandle (hObject=0x48) returned 1 [0031.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6eef70 [0031.152] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml.adv")) returned 1 [0031.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef70 | out: hHeap=0x6d0000) returned 1 [0031.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee78 | out: hHeap=0x6d0000) returned 1 [0031.153] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a9daf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8548e650, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8548e650, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="updates.xml", cAlternateFileName="")) returned 0 [0031.153] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eed28 | out: hHeap=0x6d0000) returned 1 [0031.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eec60 | out: hHeap=0x6d0000) returned 1 [0031.153] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb7314c10, cFileName="E7CF176E110C211B", cAlternateFileName="E7CF17~1")) returned 0 [0031.153] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0031.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.153] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="updates", cAlternateFileName="")) returned 0 [0031.153] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0031.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9b0 | out: hHeap=0x6d0000) returned 1 [0031.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee918 | out: hHeap=0x6d0000) returned 1 [0031.154] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb08b6620, ftLastAccessTime.dwHighDateTime=0x1d5d8ba, ftLastWriteTime.dwLowDateTime=0xb08b6620, ftLastWriteTime.dwHighDateTime=0x1d5d8ba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Temp", cAlternateFileName="")) returned 1 [0031.154] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ee8b0 [0031.154] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6ee918 [0031.154] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0031.154] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ee9b0 [0031.154] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb08b6620, ftLastAccessTime.dwHighDateTime=0x1d5d8ba, ftLastWriteTime.dwLowDateTime=0xb08b6620, ftLastWriteTime.dwHighDateTime=0x1d5d8ba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0031.154] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb08b6620, ftLastAccessTime.dwHighDateTime=0x1d5d8ba, ftLastWriteTime.dwLowDateTime=0xb08b6620, ftLastWriteTime.dwHighDateTime=0x1d5d8ba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="..", cAlternateFileName="")) returned 1 [0031.154] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77b12a00, ftCreationTime.dwHighDateTime=0x1d5be53, ftLastAccessTime.dwLowDateTime=0x41844180, ftLastAccessTime.dwHighDateTime=0x1d5c3d3, ftLastWriteTime.dwLowDateTime=0x41844180, ftLastWriteTime.dwHighDateTime=0x1d5c3d3, nFileSizeHigh=0x0, nFileSizeLow=0x116f, dwReserved0=0x0, dwReserved1=0xa19, cFileName="A3CIs.mkv", cAlternateFileName="")) returned 1 [0031.154] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.154] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.154] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\A3CIs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\a3cis.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.154] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x116f, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x116f, lpOverlapped=0x0) returned 1 [0031.155] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.155] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x116f, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x116f, lpOverlapped=0x0) returned 1 [0031.155] CloseHandle (hObject=0x40) returned 1 [0031.155] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eeb50 [0031.155] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\A3CIs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\a3cis.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\A3CIs.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\a3cis.mkv.adv")) returned 1 [0031.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.157] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b91d00, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0x54b91d00, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x54c76540, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x2fc, dwReserved0=0x0, dwReserved1=0xa19, cFileName="AdobeARM.log", cAlternateFileName="")) returned 1 [0031.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.157] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fc, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x2fc, lpOverlapped=0x0) returned 1 [0031.158] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.158] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fc, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x2fc, lpOverlapped=0x0) returned 1 [0031.158] CloseHandle (hObject=0x40) returned 1 [0031.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.158] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log.adv")) returned 1 [0031.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.160] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc1b01120, ftCreationTime.dwHighDateTime=0x1d5b791, ftLastAccessTime.dwLowDateTime=0x19ce1f00, ftLastAccessTime.dwHighDateTime=0x1d5ba26, ftLastWriteTime.dwLowDateTime=0x19ce1f00, ftLastWriteTime.dwHighDateTime=0x1d5ba26, nFileSizeHigh=0x0, nFileSizeLow=0x918, dwReserved0=0x0, dwReserved1=0xa19, cFileName="apTHTL.wav", cAlternateFileName="")) returned 1 [0031.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\apTHTL.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\apthtl.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.160] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x918, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x918, lpOverlapped=0x0) returned 1 [0031.161] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.161] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x918, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x918, lpOverlapped=0x0) returned 1 [0031.161] CloseHandle (hObject=0x40) returned 1 [0031.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eeb50 [0031.161] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\apTHTL.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\apthtl.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\apTHTL.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\apthtl.wav.adv")) returned 1 [0031.162] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcf699ed0, ftCreationTime.dwHighDateTime=0x1d5c385, ftLastAccessTime.dwLowDateTime=0x2f589a80, ftLastAccessTime.dwHighDateTime=0x1d5b65c, ftLastWriteTime.dwLowDateTime=0x2f589a80, ftLastWriteTime.dwHighDateTime=0x1d5b65c, nFileSizeHigh=0x0, nFileSizeLow=0xfde7, dwReserved0=0x0, dwReserved1=0xa19, cFileName="aunX0be01Ep1Cbnv8Cs.pdf", cAlternateFileName="AUNX0B~1.PDF")) returned 1 [0031.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\aunX0be01Ep1Cbnv8Cs.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\aunx0be01ep1cbnv8cs.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.162] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfde7, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xfde7, lpOverlapped=0x0) returned 1 [0031.163] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.163] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfde7, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xfde7, lpOverlapped=0x0) returned 1 [0031.164] CloseHandle (hObject=0x40) returned 1 [0031.164] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eeb50 [0031.164] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\aunX0be01Ep1Cbnv8Cs.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\aunx0be01ep1cbnv8cs.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\aunX0be01Ep1Cbnv8Cs.pdf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\aunx0be01ep1cbnv8cs.pdf.adv")) returned 1 [0031.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.165] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3bd73f10, ftCreationTime.dwHighDateTime=0x1d5c10f, ftLastAccessTime.dwLowDateTime=0xe9ed8850, ftLastAccessTime.dwHighDateTime=0x1d5c33c, ftLastWriteTime.dwLowDateTime=0xe9ed8850, ftLastWriteTime.dwHighDateTime=0x1d5c33c, nFileSizeHigh=0x0, nFileSizeLow=0x1515, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Caq1CUgR-Km2n7n.jpg", cAlternateFileName="CAQ1CU~1.JPG")) returned 1 [0031.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Caq1CUgR-Km2n7n.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\caq1cugr-km2n7n.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.165] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1515, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x1515, lpOverlapped=0x0) returned 1 [0031.166] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.166] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1515, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x1515, lpOverlapped=0x0) returned 1 [0031.166] CloseHandle (hObject=0x40) returned 1 [0031.166] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eeb50 [0031.166] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Caq1CUgR-Km2n7n.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\caq1cugr-km2n7n.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Caq1CUgR-Km2n7n.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\caq1cugr-km2n7n.jpg.adv")) returned 1 [0031.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.167] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Cookies", cAlternateFileName="")) returned 1 [0031.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eeb50 [0031.167] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e8, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0031.169] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e8, cFileName="..", cAlternateFileName="")) returned 1 [0031.169] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x3e8, cFileName="index.dat", cAlternateFileName="")) returned 1 [0031.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eebd8 [0031.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6eec60 [0031.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eebd8 | out: hHeap=0x6d0000) returned 1 [0031.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0031.169] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4000, lpOverlapped=0x0) returned 1 [0031.171] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.171] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4000, lpOverlapped=0x0) returned 1 [0031.171] CloseHandle (hObject=0x44) returned 1 [0031.171] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eed28 [0031.171] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat.adv")) returned 1 [0031.184] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eed28 | out: hHeap=0x6d0000) returned 1 [0031.184] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eec60 | out: hHeap=0x6d0000) returned 1 [0031.184] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x3e8, cFileName="index.dat", cAlternateFileName="")) returned 0 [0031.184] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0031.184] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.184] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.185] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc0a92bf0, ftCreationTime.dwHighDateTime=0x1d5bd85, ftLastAccessTime.dwLowDateTime=0xa7a8ade0, ftLastAccessTime.dwHighDateTime=0x1d5c34f, ftLastWriteTime.dwLowDateTime=0xa7a8ade0, ftLastWriteTime.dwHighDateTime=0x1d5c34f, nFileSizeHigh=0x0, nFileSizeLow=0x9208, dwReserved0=0x0, dwReserved1=0xa19, cFileName="E0feq-eo.mkv", cAlternateFileName="")) returned 1 [0031.185] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.185] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.185] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\E0feq-eo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\e0feq-eo.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.185] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9208, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x9208, lpOverlapped=0x0) returned 1 [0031.186] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.186] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9208, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x9208, lpOverlapped=0x0) returned 1 [0031.186] CloseHandle (hObject=0x40) returned 1 [0031.186] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.186] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\E0feq-eo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\e0feq-eo.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\E0feq-eo.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\e0feq-eo.mkv.adv")) returned 1 [0031.187] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.187] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.188] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e739ad0, ftCreationTime.dwHighDateTime=0x1d5b77e, ftLastAccessTime.dwLowDateTime=0x613ecf40, ftLastAccessTime.dwHighDateTime=0x1d5b5d7, ftLastWriteTime.dwLowDateTime=0x613ecf40, ftLastWriteTime.dwHighDateTime=0x1d5b5d7, nFileSizeHigh=0x0, nFileSizeLow=0xfa46, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Fbgbahn5NDM.jpg", cAlternateFileName="FBGBAH~1.JPG")) returned 1 [0031.188] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.188] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.188] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Fbgbahn5NDM.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fbgbahn5ndm.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.188] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfa46, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xfa46, lpOverlapped=0x0) returned 1 [0031.189] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.189] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfa46, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xfa46, lpOverlapped=0x0) returned 1 [0031.189] CloseHandle (hObject=0x40) returned 1 [0031.189] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.189] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Fbgbahn5NDM.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fbgbahn5ndm.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Fbgbahn5NDM.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fbgbahn5ndm.jpg.adv")) returned 1 [0031.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.190] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce072d30, ftCreationTime.dwHighDateTime=0x1d5b793, ftLastAccessTime.dwLowDateTime=0xc98c3380, ftLastAccessTime.dwHighDateTime=0x1d5bf82, ftLastWriteTime.dwLowDateTime=0xc98c3380, ftLastWriteTime.dwHighDateTime=0x1d5bf82, nFileSizeHigh=0x0, nFileSizeLow=0x17328, dwReserved0=0x0, dwReserved1=0xa19, cFileName="fwnkYx_b.xlsx", cAlternateFileName="FWNKYX~1.XLS")) returned 1 [0031.190] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.190] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\fwnkYx_b.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fwnkyx_b.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.190] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17328, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x17328, lpOverlapped=0x0) returned 1 [0031.192] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.192] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17328, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x17328, lpOverlapped=0x0) returned 1 [0031.192] CloseHandle (hObject=0x40) returned 1 [0031.192] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.192] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\fwnkYx_b.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fwnkyx_b.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\fwnkYx_b.xlsx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fwnkyx_b.xlsx.adv")) returned 1 [0031.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.193] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33d9ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x33d9ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 1 [0031.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0031.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.193] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="History", cAlternateFileName="")) returned 1 [0031.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.193] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.193] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eeb50 [0031.193] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0031.194] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0031.194] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History.IE5", cAlternateFileName="")) returned 1 [0031.194] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eebd8 [0031.194] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6eec60 [0031.194] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eebd8 | out: hHeap=0x6d0000) returned 1 [0031.194] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eed28 [0031.194] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd97fe0a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.195] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd97fe0a0, cFileName="..", cAlternateFileName="")) returned 1 [0031.195] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9824200, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x1d2dda0, dwReserved1=0xd97fe0a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0031.195] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eedc0 [0031.195] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6eee58 [0031.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eedc0 | out: hHeap=0x6d0000) returned 1 [0031.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.195] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x91, lpOverlapped=0x0) returned 1 [0031.196] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.196] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x91, lpOverlapped=0x0) returned 1 [0031.196] CloseHandle (hObject=0x48) returned 1 [0031.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eef38 [0031.196] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini.adv")) returned 1 [0031.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef38 | out: hHeap=0x6d0000) returned 1 [0031.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee58 | out: hHeap=0x6d0000) returned 1 [0031.197] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dda0, dwReserved1=0xd97fe0a0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0031.197] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eedc0 [0031.197] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6eee58 [0031.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eedc0 | out: hHeap=0x6d0000) returned 1 [0031.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.197] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0031.199] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.199] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0031.199] CloseHandle (hObject=0x48) returned 1 [0031.199] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eef38 [0031.199] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat.adv")) returned 1 [0031.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef38 | out: hHeap=0x6d0000) returned 1 [0031.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee58 | out: hHeap=0x6d0000) returned 1 [0031.200] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dda0, dwReserved1=0xd97fe0a0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0031.200] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eed28 | out: hHeap=0x6d0000) returned 1 [0031.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eec60 | out: hHeap=0x6d0000) returned 1 [0031.200] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History.IE5", cAlternateFileName="")) returned 0 [0031.200] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0031.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.200] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe458c80, ftCreationTime.dwHighDateTime=0x1d5bba3, ftLastAccessTime.dwLowDateTime=0x402c44f0, ftLastAccessTime.dwHighDateTime=0x1d5c099, ftLastWriteTime.dwLowDateTime=0x402c44f0, ftLastWriteTime.dwHighDateTime=0x1d5c099, nFileSizeHigh=0x0, nFileSizeLow=0x96ea, dwReserved0=0x0, dwReserved1=0xa19, cFileName="KomN4.mp4", cAlternateFileName="")) returned 1 [0031.200] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.200] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\KomN4.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\komn4.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.200] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x96ea, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x96ea, lpOverlapped=0x0) returned 1 [0031.202] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.202] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x96ea, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x96ea, lpOverlapped=0x0) returned 1 [0031.202] CloseHandle (hObject=0x40) returned 1 [0031.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eeb50 [0031.202] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\KomN4.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\komn4.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\KomN4.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\komn4.mp4.adv")) returned 1 [0031.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.203] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e41b8c0, ftCreationTime.dwHighDateTime=0x1d5b780, ftLastAccessTime.dwLowDateTime=0x2ef7f4c0, ftLastAccessTime.dwHighDateTime=0x1d5c311, ftLastWriteTime.dwLowDateTime=0x2ef7f4c0, ftLastWriteTime.dwHighDateTime=0x1d5c311, nFileSizeHigh=0x0, nFileSizeLow=0x9ccd, dwReserved0=0x0, dwReserved1=0xa19, cFileName="lBkhsoJujv.png", cAlternateFileName="LBKHSO~1.PNG")) returned 1 [0031.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\lBkhsoJujv.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lbkhsojujv.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.203] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9ccd, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x9ccd, lpOverlapped=0x0) returned 1 [0031.204] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.204] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9ccd, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x9ccd, lpOverlapped=0x0) returned 1 [0031.204] CloseHandle (hObject=0x40) returned 1 [0031.204] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\lBkhsoJujv.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lbkhsojujv.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\lBkhsoJujv.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lbkhsojujv.png.adv")) returned 1 [0031.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.205] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4606ed10, ftCreationTime.dwHighDateTime=0x1d5b957, ftLastAccessTime.dwLowDateTime=0x31c92e90, ftLastAccessTime.dwHighDateTime=0x1d5bcad, ftLastWriteTime.dwLowDateTime=0x31c92e90, ftLastWriteTime.dwHighDateTime=0x1d5bcad, nFileSizeHigh=0x0, nFileSizeLow=0xef17, dwReserved0=0x0, dwReserved1=0xa19, cFileName="lMbkzamE _S.gif", cAlternateFileName="LMBKZA~1.GIF")) returned 1 [0031.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\lMbkzamE _S.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lmbkzame _s.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.205] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xef17, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xef17, lpOverlapped=0x0) returned 1 [0031.207] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.207] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xef17, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xef17, lpOverlapped=0x0) returned 1 [0031.207] CloseHandle (hObject=0x40) returned 1 [0031.207] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.207] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\lMbkzamE _S.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lmbkzame _s.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\lMbkzamE _S.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lmbkzame _s.gif.adv")) returned 1 [0031.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.208] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x819e2590, ftCreationTime.dwHighDateTime=0x1d5bd31, ftLastAccessTime.dwLowDateTime=0xe7e9f80, ftLastAccessTime.dwHighDateTime=0x1d5bdb4, ftLastWriteTime.dwLowDateTime=0xe7e9f80, ftLastWriteTime.dwHighDateTime=0x1d5bdb4, nFileSizeHigh=0x0, nFileSizeLow=0xa958, dwReserved0=0x0, dwReserved1=0xa19, cFileName="mG3izbMlPdi6Z3VuZgD.pdf", cAlternateFileName="MG3IZB~1.PDF")) returned 1 [0031.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mG3izbMlPdi6Z3VuZgD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mg3izbmlpdi6z3vuzgd.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.208] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa958, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xa958, lpOverlapped=0x0) returned 1 [0031.209] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.209] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa958, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xa958, lpOverlapped=0x0) returned 1 [0031.209] CloseHandle (hObject=0x40) returned 1 [0031.209] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eeb50 [0031.209] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mG3izbMlPdi6Z3VuZgD.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mg3izbmlpdi6z3vuzgd.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mG3izbMlPdi6Z3VuZgD.pdf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mg3izbmlpdi6z3vuzgd.pdf.adv")) returned 1 [0031.210] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.210] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.210] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ffb2780, ftCreationTime.dwHighDateTime=0x1d5c261, ftLastAccessTime.dwLowDateTime=0x3e46aba0, ftLastAccessTime.dwHighDateTime=0x1d5bce1, ftLastWriteTime.dwLowDateTime=0x3e46aba0, ftLastWriteTime.dwHighDateTime=0x1d5bce1, nFileSizeHigh=0x0, nFileSizeLow=0xe2ca, dwReserved0=0x0, dwReserved1=0xa19, cFileName="niHZOhQRWSt.bmp", cAlternateFileName="NIHZOH~1.BMP")) returned 1 [0031.210] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.210] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.210] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\niHZOhQRWSt.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nihzohqrwst.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.210] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe2ca, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xe2ca, lpOverlapped=0x0) returned 1 [0031.211] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.211] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe2ca, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xe2ca, lpOverlapped=0x0) returned 1 [0031.212] CloseHandle (hObject=0x40) returned 1 [0031.212] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.212] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\niHZOhQRWSt.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nihzohqrwst.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\niHZOhQRWSt.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nihzohqrwst.bmp.adv")) returned 1 [0031.212] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.212] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.212] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x200f5820, ftCreationTime.dwHighDateTime=0x1d5b779, ftLastAccessTime.dwLowDateTime=0xb03fa470, ftLastAccessTime.dwHighDateTime=0x1d5c22f, ftLastWriteTime.dwLowDateTime=0xb03fa470, ftLastWriteTime.dwHighDateTime=0x1d5c22f, nFileSizeHigh=0x0, nFileSizeLow=0x1897a, dwReserved0=0x0, dwReserved1=0xa19, cFileName="nM EsRbc3SIM.avi", cAlternateFileName="NMESRB~1.AVI")) returned 1 [0031.212] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.212] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.212] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nM EsRbc3SIM.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nm esrbc3sim.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.213] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1897a, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x1897a, lpOverlapped=0x0) returned 1 [0031.214] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.214] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1897a, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x1897a, lpOverlapped=0x0) returned 1 [0031.214] CloseHandle (hObject=0x40) returned 1 [0031.214] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.214] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nM EsRbc3SIM.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nm esrbc3sim.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nM EsRbc3SIM.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nm esrbc3sim.avi.adv")) returned 1 [0031.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.215] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe563cf0, ftCreationTime.dwHighDateTime=0x1d5b5aa, ftLastAccessTime.dwLowDateTime=0xdfb6b550, ftLastAccessTime.dwHighDateTime=0x1d5ba54, ftLastWriteTime.dwLowDateTime=0xdfb6b550, ftLastWriteTime.dwHighDateTime=0x1d5ba54, nFileSizeHigh=0x0, nFileSizeLow=0x10b8d, dwReserved0=0x0, dwReserved1=0xa19, cFileName="OviAg.bmp", cAlternateFileName="")) returned 1 [0031.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OviAg.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oviag.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.215] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10b8d, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x10b8d, lpOverlapped=0x0) returned 1 [0031.216] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.216] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10b8d, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x10b8d, lpOverlapped=0x0) returned 1 [0031.217] CloseHandle (hObject=0x40) returned 1 [0031.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eeb50 [0031.217] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OviAg.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oviag.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OviAg.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oviag.bmp.adv")) returned 1 [0031.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.217] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7e80cd0, ftCreationTime.dwHighDateTime=0x1d5bc63, ftLastAccessTime.dwLowDateTime=0x898249b0, ftLastAccessTime.dwHighDateTime=0x1d5bbcb, ftLastWriteTime.dwLowDateTime=0x898249b0, ftLastWriteTime.dwHighDateTime=0x1d5bbcb, nFileSizeHigh=0x0, nFileSizeLow=0x4d2f, dwReserved0=0x0, dwReserved1=0xa19, cFileName="PxrbuhUzoO9Gn1.gif", cAlternateFileName="PXRBUH~1.GIF")) returned 1 [0031.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\PxrbuhUzoO9Gn1.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pxrbuhuzoo9gn1.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.218] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4d2f, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x4d2f, lpOverlapped=0x0) returned 1 [0031.219] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.219] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4d2f, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x4d2f, lpOverlapped=0x0) returned 1 [0031.219] CloseHandle (hObject=0x40) returned 1 [0031.219] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.219] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\PxrbuhUzoO9Gn1.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pxrbuhuzoo9gn1.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\PxrbuhUzoO9Gn1.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pxrbuhuzoo9gn1.gif.adv")) returned 1 [0031.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.220] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4bd4c40, ftCreationTime.dwHighDateTime=0x1d5bb22, ftLastAccessTime.dwLowDateTime=0x175baa20, ftLastAccessTime.dwHighDateTime=0x1d5c3c3, ftLastWriteTime.dwLowDateTime=0x175baa20, ftLastWriteTime.dwHighDateTime=0x1d5c3c3, nFileSizeHigh=0x0, nFileSizeLow=0x123ab, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Qpg7Dv p6TH.jpg", cAlternateFileName="QPG7DV~1.JPG")) returned 1 [0031.220] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.220] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Qpg7Dv p6TH.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qpg7dv p6th.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.220] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x123ab, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x123ab, lpOverlapped=0x0) returned 1 [0031.222] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.222] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x123ab, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x123ab, lpOverlapped=0x0) returned 1 [0031.222] CloseHandle (hObject=0x40) returned 1 [0031.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.222] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Qpg7Dv p6TH.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qpg7dv p6th.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Qpg7Dv p6TH.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qpg7dv p6th.jpg.adv")) returned 1 [0031.223] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.223] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.223] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x108651d0, ftCreationTime.dwHighDateTime=0x1d5b61e, ftLastAccessTime.dwLowDateTime=0x1b365c10, ftLastAccessTime.dwHighDateTime=0x1d5bb9b, ftLastWriteTime.dwLowDateTime=0x1b365c10, ftLastWriteTime.dwHighDateTime=0x1d5bb9b, nFileSizeHigh=0x0, nFileSizeLow=0x4dab, dwReserved0=0x0, dwReserved1=0xa19, cFileName="qtAZ.ods", cAlternateFileName="")) returned 1 [0031.223] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.223] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.223] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qtAZ.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qtaz.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.223] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4dab, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x4dab, lpOverlapped=0x0) returned 1 [0031.224] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.224] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4dab, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x4dab, lpOverlapped=0x0) returned 1 [0031.224] CloseHandle (hObject=0x40) returned 1 [0031.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6eeb50 [0031.224] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qtAZ.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qtaz.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qtAZ.ods.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qtaz.ods.adv")) returned 1 [0031.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.225] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfc7486b0, ftCreationTime.dwHighDateTime=0x1d5be94, ftLastAccessTime.dwLowDateTime=0x2126bcf0, ftLastAccessTime.dwHighDateTime=0x1d5ba29, ftLastWriteTime.dwLowDateTime=0x2126bcf0, ftLastWriteTime.dwHighDateTime=0x1d5ba29, nFileSizeHigh=0x0, nFileSizeLow=0x4106, dwReserved0=0x0, dwReserved1=0xa19, cFileName="RCpaimt0nOqPnHgvKvqf.flv", cAlternateFileName="RCPAIM~1.FLV")) returned 1 [0031.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\RCpaimt0nOqPnHgvKvqf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\rcpaimt0noqpnhgvkvqf.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.225] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4106, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x4106, lpOverlapped=0x0) returned 1 [0031.226] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.226] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4106, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x4106, lpOverlapped=0x0) returned 1 [0031.226] CloseHandle (hObject=0x40) returned 1 [0031.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eeb50 [0031.226] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\RCpaimt0nOqPnHgvKvqf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\rcpaimt0noqpnhgvkvqf.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\RCpaimt0nOqPnHgvKvqf.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\rcpaimt0noqpnhgvkvqf.flv.adv")) returned 1 [0031.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.227] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0031.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eeb50 [0031.227] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e6, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0031.228] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e6, cFileName="..", cAlternateFileName="")) returned 1 [0031.228] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e6, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0031.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eebf8 [0031.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6eeca0 [0031.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eebf8 | out: hHeap=0x6d0000) returned 1 [0031.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eed98 [0031.228] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd978bc80, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.228] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd978bc80, cFileName="..", cAlternateFileName="")) returned 1 [0031.228] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd978bc80, cFileName="03J4UQW0", cAlternateFileName="")) returned 1 [0031.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eee50 [0031.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6eef08 [0031.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee50 | out: hHeap=0x6d0000) returned 1 [0031.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef018 [0031.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef0e0 [0031.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.228] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd97d7f40, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.229] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd97d7f40, cFileName="..", cAlternateFileName="")) returned 1 [0031.229] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dda0, dwReserved1=0xd97d7f40, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0031.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef018 [0031.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef208 [0031.229] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0031.230] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0031.231] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.231] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0031.231] CloseHandle (hObject=0x4c) returned 1 [0031.231] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef330 [0031.231] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini.adv")) returned 1 [0031.232] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef330 | out: hHeap=0x6d0000) returned 1 [0031.232] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef208 | out: hHeap=0x6d0000) returned 1 [0031.232] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dda0, dwReserved1=0xd97d7f40, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0031.232] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.232] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0e0 | out: hHeap=0x6d0000) returned 1 [0031.232] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef08 | out: hHeap=0x6d0000) returned 1 [0031.232] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dda0, dwReserved1=0xd978bc80, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0031.232] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eee50 [0031.232] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6eef08 [0031.232] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee50 | out: hHeap=0x6d0000) returned 1 [0031.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.233] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0031.234] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.234] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0031.234] CloseHandle (hObject=0x48) returned 1 [0031.234] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef018 [0031.234] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini.adv")) returned 1 [0031.239] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.239] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef08 | out: hHeap=0x6d0000) returned 1 [0031.239] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x1d2dda0, dwReserved1=0xd978bc80, cFileName="index.dat", cAlternateFileName="")) returned 1 [0031.239] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eee50 [0031.239] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6eef08 [0031.239] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee50 | out: hHeap=0x6d0000) returned 1 [0031.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.239] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x8000, lpOverlapped=0x0) returned 1 [0031.241] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.241] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x8000, lpOverlapped=0x0) returned 1 [0031.241] CloseHandle (hObject=0x48) returned 1 [0031.241] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6ef018 [0031.241] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat.adv")) returned 1 [0031.241] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.241] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef08 | out: hHeap=0x6d0000) returned 1 [0031.241] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd978bc80, cFileName="KETAJP6D", cAlternateFileName="")) returned 1 [0031.241] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eee50 [0031.242] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6eef08 [0031.242] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee50 | out: hHeap=0x6d0000) returned 1 [0031.242] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef018 [0031.242] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef0e0 [0031.242] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x342, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.242] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x342, cFileName="..", cAlternateFileName="")) returned 1 [0031.242] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x342, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0031.242] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef018 [0031.242] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef208 [0031.242] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0031.242] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0031.243] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.243] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0031.243] CloseHandle (hObject=0x4c) returned 1 [0031.243] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef330 [0031.243] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini.adv")) returned 1 [0031.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef330 | out: hHeap=0x6d0000) returned 1 [0031.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef208 | out: hHeap=0x6d0000) returned 1 [0031.244] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x342, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0031.244] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0e0 | out: hHeap=0x6d0000) returned 1 [0031.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef08 | out: hHeap=0x6d0000) returned 1 [0031.244] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd978bc80, cFileName="VB18B0KB", cAlternateFileName="")) returned 1 [0031.244] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eee50 [0031.244] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6eef08 [0031.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee50 | out: hHeap=0x6d0000) returned 1 [0031.244] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef018 [0031.244] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef0e0 [0031.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.244] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x342, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.245] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x342, cFileName="..", cAlternateFileName="")) returned 1 [0031.245] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x342, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0031.245] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef018 [0031.245] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef208 [0031.245] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0031.245] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0031.246] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.246] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0031.246] CloseHandle (hObject=0x4c) returned 1 [0031.246] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef330 [0031.246] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini.adv")) returned 1 [0031.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef330 | out: hHeap=0x6d0000) returned 1 [0031.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef208 | out: hHeap=0x6d0000) returned 1 [0031.247] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x342, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0031.247] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0e0 | out: hHeap=0x6d0000) returned 1 [0031.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef08 | out: hHeap=0x6d0000) returned 1 [0031.247] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd978bc80, cFileName="XT1RPYG9", cAlternateFileName="")) returned 1 [0031.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6eee50 [0031.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6eef08 [0031.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eee50 | out: hHeap=0x6d0000) returned 1 [0031.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef018 [0031.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef0e0 [0031.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.247] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x342, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.247] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x342, cFileName="..", cAlternateFileName="")) returned 1 [0031.247] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x342, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0031.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ef018 [0031.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6ef208 [0031.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef018 | out: hHeap=0x6d0000) returned 1 [0031.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0031.248] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0031.249] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.249] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0031.249] CloseHandle (hObject=0x4c) returned 1 [0031.249] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ef330 [0031.249] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini.adv")) returned 1 [0031.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef330 | out: hHeap=0x6d0000) returned 1 [0031.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef208 | out: hHeap=0x6d0000) returned 1 [0031.250] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x342, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0031.250] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ef0e0 | out: hHeap=0x6d0000) returned 1 [0031.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eef08 | out: hHeap=0x6d0000) returned 1 [0031.250] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xd978bc80, cFileName="XT1RPYG9", cAlternateFileName="")) returned 0 [0031.250] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eed98 | out: hHeap=0x6d0000) returned 1 [0031.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeca0 | out: hHeap=0x6d0000) returned 1 [0031.250] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e6, cFileName="Content.IE5", cAlternateFileName="")) returned 0 [0031.250] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0031.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.250] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9304b4c0, ftCreationTime.dwHighDateTime=0x1d5c119, ftLastAccessTime.dwLowDateTime=0x61fe920, ftLastAccessTime.dwHighDateTime=0x1d5c2c8, ftLastWriteTime.dwLowDateTime=0x61fe920, ftLastWriteTime.dwHighDateTime=0x1d5c2c8, nFileSizeHigh=0x0, nFileSizeLow=0xe411, dwReserved0=0x0, dwReserved1=0xa19, cFileName="TnJPoH2qR9MeF0NmAD.flv", cAlternateFileName="TNJPOH~1.FLV")) returned 1 [0031.250] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.250] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TnJPoH2qR9MeF0NmAD.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tnjpoh2qr9mef0nmad.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.251] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe411, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xe411, lpOverlapped=0x0) returned 1 [0031.251] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.252] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe411, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xe411, lpOverlapped=0x0) returned 1 [0031.252] CloseHandle (hObject=0x40) returned 1 [0031.252] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eeb50 [0031.252] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TnJPoH2qR9MeF0NmAD.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tnjpoh2qr9mef0nmad.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\TnJPoH2qR9MeF0NmAD.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tnjpoh2qr9mef0nmad.flv.adv")) returned 1 [0031.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.253] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x65537b70, ftCreationTime.dwHighDateTime=0x1d5c280, ftLastAccessTime.dwLowDateTime=0x8238ffb0, ftLastAccessTime.dwHighDateTime=0x1d5bc65, ftLastWriteTime.dwLowDateTime=0x8238ffb0, ftLastWriteTime.dwHighDateTime=0x1d5bc65, nFileSizeHigh=0x0, nFileSizeLow=0x4160, dwReserved0=0x0, dwReserved1=0xa19, cFileName="tNvIXS47.mp4", cAlternateFileName="")) returned 1 [0031.253] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.253] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tNvIXS47.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tnvixs47.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.253] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4160, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x4160, lpOverlapped=0x0) returned 1 [0031.254] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.254] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4160, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x4160, lpOverlapped=0x0) returned 1 [0031.254] CloseHandle (hObject=0x40) returned 1 [0031.254] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.254] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tNvIXS47.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tnvixs47.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tNvIXS47.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tnvixs47.mp4.adv")) returned 1 [0031.255] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.255] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.255] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad091130, ftCreationTime.dwHighDateTime=0x1d5b710, ftLastAccessTime.dwLowDateTime=0x78d6b7f0, ftLastAccessTime.dwHighDateTime=0x1d5bb16, ftLastWriteTime.dwLowDateTime=0x78d6b7f0, ftLastWriteTime.dwHighDateTime=0x1d5bb16, nFileSizeHigh=0x0, nFileSizeLow=0x1364b, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Tqx4VDdTTTGFF45oHgrD.mp3", cAlternateFileName="TQX4VD~1.MP3")) returned 1 [0031.255] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.255] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.255] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Tqx4VDdTTTGFF45oHgrD.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tqx4vddtttgff45ohgrd.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.255] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1364b, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x1364b, lpOverlapped=0x0) returned 1 [0031.256] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.256] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1364b, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x1364b, lpOverlapped=0x0) returned 1 [0031.256] CloseHandle (hObject=0x40) returned 1 [0031.256] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eeb50 [0031.256] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Tqx4VDdTTTGFF45oHgrD.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tqx4vddtttgff45ohgrd.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Tqx4VDdTTTGFF45oHgrD.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tqx4vddtttgff45ohgrd.mp3.adv")) returned 1 [0031.257] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.257] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.257] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb44e6b30, ftCreationTime.dwHighDateTime=0x1d5c209, ftLastAccessTime.dwLowDateTime=0x9d324970, ftLastAccessTime.dwHighDateTime=0x1d5c0c0, ftLastWriteTime.dwLowDateTime=0x9d324970, ftLastWriteTime.dwHighDateTime=0x1d5c0c0, nFileSizeHigh=0x0, nFileSizeLow=0x4d19, dwReserved0=0x0, dwReserved1=0xa19, cFileName="u9VzUUqjdwRt.avi", cAlternateFileName="U9VZUU~1.AVI")) returned 1 [0031.257] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.257] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.257] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\u9VzUUqjdwRt.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\u9vzuuqjdwrt.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.257] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4d19, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x4d19, lpOverlapped=0x0) returned 1 [0031.258] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.258] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4d19, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x4d19, lpOverlapped=0x0) returned 1 [0031.258] CloseHandle (hObject=0x40) returned 1 [0031.258] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.258] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\u9VzUUqjdwRt.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\u9vzuuqjdwrt.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\u9VzUUqjdwRt.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\u9vzuuqjdwrt.avi.adv")) returned 1 [0031.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.259] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef24e0b0, ftCreationTime.dwHighDateTime=0x1d5c4af, ftLastAccessTime.dwLowDateTime=0xf1779620, ftLastAccessTime.dwHighDateTime=0x1d5bba2, ftLastWriteTime.dwLowDateTime=0xf1779620, ftLastWriteTime.dwHighDateTime=0x1d5bba2, nFileSizeHigh=0x0, nFileSizeLow=0x16ba9, dwReserved0=0x0, dwReserved1=0xa19, cFileName="VjNSemis7BVv3y6EC.bmp", cAlternateFileName="VJNSEM~1.BMP")) returned 1 [0031.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\VjNSemis7BVv3y6EC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vjnsemis7bvv3y6ec.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.260] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16ba9, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x16ba9, lpOverlapped=0x0) returned 1 [0031.261] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.261] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16ba9, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x16ba9, lpOverlapped=0x0) returned 1 [0031.261] CloseHandle (hObject=0x40) returned 1 [0031.261] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eeb50 [0031.261] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\VjNSemis7BVv3y6EC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vjnsemis7bvv3y6ec.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\VjNSemis7BVv3y6EC.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\vjnsemis7bvv3y6ec.bmp.adv")) returned 1 [0031.262] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.262] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.262] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x57f4d770, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0x57f4d770, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x57f4d770, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="WPDNSE", cAlternateFileName="")) returned 1 [0031.262] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.262] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eeaa0 [0031.262] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeb18 [0031.262] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.262] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x57f4d770, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0x57f4d770, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x57f4d770, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e7, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0031.262] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x57f4d770, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0x57f4d770, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x57f4d770, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e7, cFileName="..", cAlternateFileName="")) returned 1 [0031.263] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x57f4d770, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0x57f4d770, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x57f4d770, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e7, cFileName="..", cAlternateFileName="")) returned 0 [0031.263] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0031.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb18 | out: hHeap=0x6d0000) returned 1 [0031.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.263] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c4742d0, ftCreationTime.dwHighDateTime=0x1d5c32e, ftLastAccessTime.dwLowDateTime=0xd9fa7db0, ftLastAccessTime.dwHighDateTime=0x1d5b8ae, ftLastWriteTime.dwLowDateTime=0xd9fa7db0, ftLastWriteTime.dwHighDateTime=0x1d5b8ae, nFileSizeHigh=0x0, nFileSizeLow=0x862d, dwReserved0=0x0, dwReserved1=0xa19, cFileName="Wr2nrSBzSICX.wav", cAlternateFileName="WR2NRS~1.WAV")) returned 1 [0031.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Wr2nrSBzSICX.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wr2nrsbzsicx.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.263] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x862d, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x862d, lpOverlapped=0x0) returned 1 [0031.264] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.264] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x862d, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x862d, lpOverlapped=0x0) returned 1 [0031.264] CloseHandle (hObject=0x40) returned 1 [0031.264] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6eeb50 [0031.264] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Wr2nrSBzSICX.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wr2nrsbzsicx.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Wr2nrSBzSICX.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wr2nrsbzsicx.wav.adv")) returned 1 [0031.265] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.265] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.265] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f69e9c0, ftCreationTime.dwHighDateTime=0x1d5c52f, ftLastAccessTime.dwLowDateTime=0x8cf929f0, ftLastAccessTime.dwHighDateTime=0x1d5c04a, ftLastWriteTime.dwLowDateTime=0x8cf929f0, ftLastWriteTime.dwHighDateTime=0x1d5c04a, nFileSizeHigh=0x0, nFileSizeLow=0x16210, dwReserved0=0x0, dwReserved1=0xa19, cFileName="x9c_u22o_Z6ZVbOEG.pdf", cAlternateFileName="X9C_U2~1.PDF")) returned 1 [0031.265] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6eea28 [0031.265] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6eeaa0 [0031.265] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eea28 | out: hHeap=0x6d0000) returned 1 [0031.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\x9c_u22o_Z6ZVbOEG.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\x9c_u22o_z6zvboeg.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0031.266] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16210, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x16210, lpOverlapped=0x0) returned 1 [0031.267] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.267] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16210, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x16210, lpOverlapped=0x0) returned 1 [0031.267] CloseHandle (hObject=0x40) returned 1 [0031.267] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6eeb50 [0031.267] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\x9c_u22o_Z6ZVbOEG.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\x9c_u22o_z6zvboeg.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\x9c_u22o_Z6ZVbOEG.pdf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\x9c_u22o_z6zvboeg.pdf.adv")) returned 1 [0031.268] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeb50 | out: hHeap=0x6d0000) returned 1 [0031.268] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eeaa0 | out: hHeap=0x6d0000) returned 1 [0031.268] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f69e9c0, ftCreationTime.dwHighDateTime=0x1d5c52f, ftLastAccessTime.dwLowDateTime=0x8cf929f0, ftLastAccessTime.dwHighDateTime=0x1d5c04a, ftLastWriteTime.dwLowDateTime=0x8cf929f0, ftLastWriteTime.dwHighDateTime=0x1d5c04a, nFileSizeHigh=0x0, nFileSizeLow=0x16210, dwReserved0=0x0, dwReserved1=0xa19, cFileName="x9c_u22o_Z6ZVbOEG.pdf", cAlternateFileName="X9C_U2~1.PDF")) returned 0 [0031.268] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0031.268] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9b0 | out: hHeap=0x6d0000) returned 1 [0031.268] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee918 | out: hHeap=0x6d0000) returned 1 [0031.268] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0031.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ee8b0 [0031.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6ee918 [0031.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0031.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6ee9b0 [0031.269] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f69e9c0, ftCreationTime.dwHighDateTime=0x1d5c52f, ftLastAccessTime.dwLowDateTime=0x8cf929f0, ftLastAccessTime.dwHighDateTime=0x1d5c04a, ftLastWriteTime.dwLowDateTime=0x8cf929f0, ftLastWriteTime.dwHighDateTime=0x1d5c04a, nFileSizeHigh=0x0, nFileSizeLow=0x16210, dwReserved0=0x0, dwReserved1=0xa19, cFileName="x9c_u22o_Z6ZVbOEG.pdf", cAlternateFileName="")) returned 0xffffffff [0031.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9b0 | out: hHeap=0x6d0000) returned 1 [0031.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee918 | out: hHeap=0x6d0000) returned 1 [0031.269] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0031.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ee8b0 [0031.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6ee918 [0031.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0031.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6ee9b0 [0031.269] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0031.270] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="..", cAlternateFileName="")) returned 1 [0031.270] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xa19, cFileName="..", cAlternateFileName="")) returned 0 [0031.270] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0031.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee9b0 | out: hHeap=0x6d0000) returned 1 [0031.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee918 | out: hHeap=0x6d0000) returned 1 [0031.270] FindNextFileW (in: hFindFile=0x6e2068, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 0 [0031.270] FindClose (in: hFindFile=0x6e2068 | out: hFindFile=0x6e2068) returned 1 [0031.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5788 | out: hHeap=0x6d0000) returned 1 [0031.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c0 | out: hHeap=0x6d0000) returned 1 [0031.270] FindNextFileW (in: hFindFile=0x6e1f60, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0031.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2068 [0031.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e20c0 [0031.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0031.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e5788 [0031.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e57f0 [0031.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5788 | out: hHeap=0x6d0000) returned 1 [0031.270] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0031.270] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0031.270] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Adobe", cAlternateFileName="")) returned 1 [0031.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e5788 [0031.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5888 [0031.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5788 | out: hHeap=0x6d0000) returned 1 [0031.270] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5920 [0031.270] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0031.271] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="..", cAlternateFileName="")) returned 1 [0031.271] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0031.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5998 [0031.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a10 [0031.271] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5998 | out: hHeap=0x6d0000) returned 1 [0031.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5ac0 [0031.271] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.272] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0031.272] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="10.0", cAlternateFileName="")) returned 1 [0031.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5b48 [0031.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5bd0 [0031.272] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b48 | out: hHeap=0x6d0000) returned 1 [0031.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5c98 [0031.272] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd6e27e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.273] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd6e27e0, cFileName="..", cAlternateFileName="")) returned 1 [0031.273] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd9b6a040, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9b6a040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xde963ca0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0xa5ff, dwReserved0=0x1d2dda0, dwReserved1=0xcd6e27e0, cFileName="rdrmessage.zip", cAlternateFileName="RDRMES~1.ZIP")) returned 1 [0031.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d30 [0031.274] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5dc8 [0031.274] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d30 | out: hHeap=0x6d0000) returned 1 [0031.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.275] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa5ff, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa5ff, lpOverlapped=0x0) returned 1 [0031.276] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.276] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa5ff, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa5ff, lpOverlapped=0x0) returned 1 [0031.276] CloseHandle (hObject=0x48) returned 1 [0031.277] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5ea8 [0031.277] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip.adv")) returned 1 [0031.277] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ea8 | out: hHeap=0x6d0000) returned 1 [0031.277] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc8 | out: hHeap=0x6d0000) returned 1 [0031.277] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce824760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce824760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe5ab8070, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x1d2dda0, dwReserved1=0xcd6e27e0, cFileName="ReaderMessages", cAlternateFileName="READER~1")) returned 1 [0031.277] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d30 [0031.277] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5dc8 [0031.277] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d30 | out: hHeap=0x6d0000) returned 1 [0031.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.278] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2000, lpOverlapped=0x0) returned 1 [0031.279] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.279] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2000, lpOverlapped=0x0) returned 1 [0031.279] CloseHandle (hObject=0x48) returned 1 [0031.279] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5ea8 [0031.279] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages.adv")) returned 1 [0031.280] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ea8 | out: hHeap=0x6d0000) returned 1 [0031.280] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc8 | out: hHeap=0x6d0000) returned 1 [0031.280] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd6e27e0, cFileName="Search", cAlternateFileName="")) returned 1 [0031.280] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d30 [0031.280] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5dc8 [0031.280] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d30 | out: hHeap=0x6d0000) returned 1 [0031.280] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ea8 [0031.280] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfa, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.281] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfa, cFileName="..", cAlternateFileName="")) returned 1 [0031.281] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfa, cFileName="..", cAlternateFileName="")) returned 0 [0031.281] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.281] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ea8 | out: hHeap=0x6d0000) returned 1 [0031.281] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc8 | out: hHeap=0x6d0000) returned 1 [0031.281] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd6e27e0, cFileName="Search", cAlternateFileName="")) returned 0 [0031.281] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c98 | out: hHeap=0x6d0000) returned 1 [0031.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5bd0 | out: hHeap=0x6d0000) returned 1 [0031.282] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="10.0", cAlternateFileName="")) returned 0 [0031.282] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0031.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a10 | out: hHeap=0x6d0000) returned 1 [0031.282] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0031.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5998 [0031.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a10 [0031.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5998 | out: hHeap=0x6d0000) returned 1 [0031.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5ac0 [0031.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.282] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0031.282] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0031.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5b58 [0031.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5bf0 [0031.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b58 | out: hHeap=0x6d0000) returned 1 [0031.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5cd0 [0031.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.283] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0031.283] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="Adobe Custom Dictionary", cAlternateFileName="ADOBEC~1")) returned 1 [0031.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d78 [0031.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5e20 [0031.283] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d78 | out: hHeap=0x6d0000) returned 1 [0031.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5f18 [0031.283] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.285] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="..", cAlternateFileName="")) returned 1 [0031.285] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="all", cAlternateFileName="")) returned 1 [0031.285] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.285] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.285] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.285] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.285] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.285] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.285] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.285] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="brt", cAlternateFileName="")) returned 1 [0031.285] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.286] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.286] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.286] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.286] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.286] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.286] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.286] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.286] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.287] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="brz", cAlternateFileName="")) returned 1 [0031.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.287] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.288] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.288] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.288] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.288] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="dan", cAlternateFileName="")) returned 1 [0031.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.288] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.288] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.288] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.288] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.288] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="dut", cAlternateFileName="")) returned 1 [0031.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.288] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.289] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.289] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.289] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.289] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="eng", cAlternateFileName="")) returned 1 [0031.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.289] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.289] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.289] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.289] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="frn", cAlternateFileName="")) returned 1 [0031.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.290] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.290] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.290] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.290] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="grm", cAlternateFileName="")) returned 1 [0031.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.290] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.290] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.290] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.290] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.290] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="itl", cAlternateFileName="")) returned 1 [0031.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.290] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.291] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.291] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.291] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.291] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.291] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.291] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="nrw", cAlternateFileName="")) returned 1 [0031.291] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.291] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.291] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.291] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.291] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.291] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.291] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.291] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.291] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.291] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.291] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="prt", cAlternateFileName="")) returned 1 [0031.291] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.291] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.291] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.291] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.291] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.292] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.292] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.292] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.292] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="spn", cAlternateFileName="")) returned 1 [0031.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.292] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.292] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.292] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.292] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="swd", cAlternateFileName="")) returned 1 [0031.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ff0 [0031.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e60c8 [0031.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ff0 | out: hHeap=0x6d0000) returned 1 [0031.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6208 [0031.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.293] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 1 [0031.293] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2ddf4, dwReserved1=0xec6bf330, cFileName="..", cAlternateFileName="")) returned 0 [0031.293] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c8 | out: hHeap=0x6d0000) returned 1 [0031.293] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe82613f0, cFileName="swd", cAlternateFileName="")) returned 0 [0031.293] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f18 | out: hHeap=0x6d0000) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e20 | out: hHeap=0x6d0000) returned 1 [0031.293] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="Adobe Custom Dictionary", cAlternateFileName="ADOBEC~1")) returned 0 [0031.293] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5cd0 | out: hHeap=0x6d0000) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5bf0 | out: hHeap=0x6d0000) returned 1 [0031.293] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 0 [0031.293] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a10 | out: hHeap=0x6d0000) returned 1 [0031.293] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 0 [0031.293] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5920 | out: hHeap=0x6d0000) returned 1 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5888 | out: hHeap=0x6d0000) returned 1 [0031.293] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0031.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e5788 [0031.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5888 [0031.293] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5788 | out: hHeap=0x6d0000) returned 1 [0031.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5920 [0031.293] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0031.293] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="..", cAlternateFileName="")) returned 1 [0031.294] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="CryptnetUrlCache", cAlternateFileName="CRYPTN~1")) returned 1 [0031.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e59a8 [0031.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5a30 [0031.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59a8 | out: hHeap=0x6d0000) returned 1 [0031.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5af8 [0031.294] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.294] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0031.294] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="Content", cAlternateFileName="")) returned 1 [0031.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ba0 [0031.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5c48 [0031.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ba0 | out: hHeap=0x6d0000) returned 1 [0031.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d40 [0031.294] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.294] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0031.294] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf9eaad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf9eaad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf9eaad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cAlternateFileName="024823~1")) returned 1 [0031.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.304] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.305] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.305] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.305] CloseHandle (hObject=0x48) returned 1 [0031.305] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.305] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.adv")) returned 1 [0031.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.306] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x561, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cAlternateFileName="0F1583~1")) returned 1 [0031.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.306] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x561, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x561, lpOverlapped=0x0) returned 1 [0031.308] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.308] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x561, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x561, lpOverlapped=0x0) returned 1 [0031.308] CloseHandle (hObject=0x48) returned 1 [0031.308] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.308] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.adv")) returned 1 [0031.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.309] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d8, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cAlternateFileName="1BB09B~1")) returned 1 [0031.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.310] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d8, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d8, lpOverlapped=0x0) returned 1 [0031.311] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.311] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d8, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d8, lpOverlapped=0x0) returned 1 [0031.311] CloseHandle (hObject=0x48) returned 1 [0031.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.311] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.adv")) returned 1 [0031.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.312] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf1d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="1DAF2884EC4DFA96BA4A58D4DBC9C406", cAlternateFileName="1DAF28~1")) returned 1 [0031.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.359] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf1d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf1d, lpOverlapped=0x0) returned 1 [0031.372] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.372] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf1d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf1d, lpOverlapped=0x0) returned 1 [0031.372] CloseHandle (hObject=0x48) returned 1 [0031.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.373] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406.adv")) returned 1 [0031.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.373] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x145, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="23B523C9E7746F715D33C6527C18EB9D", cAlternateFileName="23B523~1")) returned 1 [0031.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.375] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x145, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x145, lpOverlapped=0x0) returned 1 [0031.375] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.376] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x145, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x145, lpOverlapped=0x0) returned 1 [0031.376] CloseHandle (hObject=0x48) returned 1 [0031.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.376] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d.adv")) returned 1 [0031.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.376] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="3130B1871A126520A8C47861EFE3ED4D", cAlternateFileName="3130B1~1")) returned 1 [0031.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.377] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x209, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x209, lpOverlapped=0x0) returned 1 [0031.378] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.378] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x209, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x209, lpOverlapped=0x0) returned 1 [0031.378] CloseHandle (hObject=0x48) returned 1 [0031.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.379] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d.adv")) returned 1 [0031.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.379] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cAlternateFileName="3388EC~1")) returned 1 [0031.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.380] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x58b, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x58b, lpOverlapped=0x0) returned 1 [0031.381] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.381] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x58b, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x58b, lpOverlapped=0x0) returned 1 [0031.381] CloseHandle (hObject=0x48) returned 1 [0031.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.381] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.adv")) returned 1 [0031.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.382] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb68, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cAlternateFileName="40E450~1")) returned 1 [0031.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.382] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb68, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xb68, lpOverlapped=0x0) returned 1 [0031.384] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.384] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb68, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xb68, lpOverlapped=0x0) returned 1 [0031.384] CloseHandle (hObject=0x48) returned 1 [0031.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.384] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.adv")) returned 1 [0031.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.385] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cAlternateFileName="4C8F84~1")) returned 1 [0031.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.385] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.386] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.386] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.386] CloseHandle (hObject=0x48) returned 1 [0031.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.386] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.adv")) returned 1 [0031.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.387] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x680, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cAlternateFileName="4DD397~1")) returned 1 [0031.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.388] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x680, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x680, lpOverlapped=0x0) returned 1 [0031.389] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.389] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x680, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x680, lpOverlapped=0x0) returned 1 [0031.389] CloseHandle (hObject=0x48) returned 1 [0031.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.389] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.adv")) returned 1 [0031.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.390] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cAlternateFileName="5080DC~2")) returned 1 [0031.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.390] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2d7, lpOverlapped=0x0) returned 1 [0031.392] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.392] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2d7, lpOverlapped=0x0) returned 1 [0031.392] CloseHandle (hObject=0x48) returned 1 [0031.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.392] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.adv")) returned 1 [0031.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.393] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cAlternateFileName="5080DC~1")) returned 1 [0031.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.393] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2d7, lpOverlapped=0x0) returned 1 [0031.395] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.395] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2d7, lpOverlapped=0x0) returned 1 [0031.395] CloseHandle (hObject=0x48) returned 1 [0031.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.395] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.adv")) returned 1 [0031.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.396] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cAlternateFileName="5457A8~1")) returned 1 [0031.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.396] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.397] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.397] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.397] CloseHandle (hObject=0x48) returned 1 [0031.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.398] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.adv")) returned 1 [0031.398] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x32d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="696F3DE637E6DE85B458996D49D759AD", cAlternateFileName="696F3D~1")) returned 1 [0031.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.399] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x32d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x32d, lpOverlapped=0x0) returned 1 [0031.399] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.399] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x32d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x32d, lpOverlapped=0x0) returned 1 [0031.400] CloseHandle (hObject=0x48) returned 1 [0031.400] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.400] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad.adv")) returned 1 [0031.400] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.400] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.400] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cAlternateFileName="705A76~1")) returned 1 [0031.400] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.400] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.400] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.401] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x648, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x648, lpOverlapped=0x0) returned 1 [0031.402] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.402] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x648, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x648, lpOverlapped=0x0) returned 1 [0031.402] CloseHandle (hObject=0x48) returned 1 [0031.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.403] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.adv")) returned 1 [0031.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.403] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x22a, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7396C420A8E1BC1DA97F1AF0D10BAD21", cAlternateFileName="7396C4~1")) returned 1 [0031.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.404] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x22a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x22a, lpOverlapped=0x0) returned 1 [0031.404] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.404] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x22a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x22a, lpOverlapped=0x0) returned 1 [0031.405] CloseHandle (hObject=0x48) returned 1 [0031.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.405] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21.adv")) returned 1 [0031.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.406] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cAlternateFileName="7423F8~1")) returned 1 [0031.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.407] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.408] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.408] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.408] CloseHandle (hObject=0x48) returned 1 [0031.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.408] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.adv")) returned 1 [0031.409] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.409] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.409] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd0e4c510, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0031.409] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.409] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.409] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.410] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1fa, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1fa, lpOverlapped=0x0) returned 1 [0031.411] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.411] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1fa, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1fa, lpOverlapped=0x0) returned 1 [0031.411] CloseHandle (hObject=0x48) returned 1 [0031.411] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.411] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.adv")) returned 1 [0031.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.412] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x67c, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cAlternateFileName="7B8944~1")) returned 1 [0031.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.413] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x67c, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x67c, lpOverlapped=0x0) returned 1 [0031.414] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.414] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x67c, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x67c, lpOverlapped=0x0) returned 1 [0031.414] CloseHandle (hObject=0x48) returned 1 [0031.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.414] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.adv")) returned 1 [0031.415] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.415] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.415] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cAlternateFileName="7D266D~2")) returned 1 [0031.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.415] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.416] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.418] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.418] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.418] CloseHandle (hObject=0x48) returned 1 [0031.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.418] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.adv")) returned 1 [0031.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.419] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cAlternateFileName="7D266D~1")) returned 1 [0031.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.419] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.421] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.421] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.421] CloseHandle (hObject=0x48) returned 1 [0031.421] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.421] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.adv")) returned 1 [0031.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.422] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cAlternateFileName="8059E9~3")) returned 1 [0031.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.422] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.423] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.423] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.423] CloseHandle (hObject=0x48) returned 1 [0031.423] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.423] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.adv")) returned 1 [0031.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.424] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61210960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61210960, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cAlternateFileName="80273C~1")) returned 1 [0031.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.424] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.425] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.425] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.425] CloseHandle (hObject=0x48) returned 1 [0031.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.425] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.adv")) returned 1 [0031.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.426] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cAlternateFileName="8059E9~2")) returned 1 [0031.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.427] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.427] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.427] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.428] CloseHandle (hObject=0x48) returned 1 [0031.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.428] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.adv")) returned 1 [0031.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.428] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cAlternateFileName="809279~1")) returned 1 [0031.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.429] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.430] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.430] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.430] CloseHandle (hObject=0x48) returned 1 [0031.430] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.adv")) returned 1 [0031.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.430] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58394060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58394060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cAlternateFileName="8059E9~1")) returned 1 [0031.430] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.431] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.431] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.431] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.432] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.432] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.432] CloseHandle (hObject=0x48) returned 1 [0031.434] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.435] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.adv")) returned 1 [0031.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.435] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cAlternateFileName="80E4BE~1")) returned 1 [0031.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.436] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.437] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.437] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.438] CloseHandle (hObject=0x48) returned 1 [0031.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.438] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.adv")) returned 1 [0031.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.438] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cAlternateFileName="803B9E~1")) returned 1 [0031.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.439] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.440] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.440] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.440] CloseHandle (hObject=0x48) returned 1 [0031.440] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.440] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.adv")) returned 1 [0031.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.441] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cAlternateFileName="803D37~1")) returned 1 [0031.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.442] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.442] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.442] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.443] CloseHandle (hObject=0x48) returned 1 [0031.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.443] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.adv")) returned 1 [0031.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.443] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cAlternateFileName="8059E9~4")) returned 1 [0031.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.444] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.445] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.445] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.445] CloseHandle (hObject=0x48) returned 1 [0031.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.445] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.adv")) returned 1 [0031.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.445] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cAlternateFileName="800D31~1")) returned 1 [0031.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.446] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.447] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.447] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1cf, lpOverlapped=0x0) returned 1 [0031.447] CloseHandle (hObject=0x48) returned 1 [0031.447] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.447] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.adv")) returned 1 [0031.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.448] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x56e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cAlternateFileName="828298~1")) returned 1 [0031.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.448] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.448] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x56e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x56e, lpOverlapped=0x0) returned 1 [0031.450] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.450] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x56e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x56e, lpOverlapped=0x0) returned 1 [0031.450] CloseHandle (hObject=0x48) returned 1 [0031.450] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.450] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.adv")) returned 1 [0031.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.451] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cAlternateFileName="8828F3~1")) returned 1 [0031.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.451] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.453] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.453] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.453] CloseHandle (hObject=0x48) returned 1 [0031.453] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.454] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.adv")) returned 1 [0031.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.454] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cAlternateFileName="8828F3~2")) returned 1 [0031.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.454] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.455] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.456] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.457] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.457] CloseHandle (hObject=0x48) returned 1 [0031.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.457] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.adv")) returned 1 [0031.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.457] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x59d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cAlternateFileName="8E4E51~1")) returned 1 [0031.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.458] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.458] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.458] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x59d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x59d, lpOverlapped=0x0) returned 1 [0031.460] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.460] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x59d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x59d, lpOverlapped=0x0) returned 1 [0031.460] CloseHandle (hObject=0x48) returned 1 [0031.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.460] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.adv")) returned 1 [0031.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.460] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbddd270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd2da, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0031.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.461] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.461] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd2da, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xd2da, lpOverlapped=0x0) returned 1 [0031.466] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.466] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd2da, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xd2da, lpOverlapped=0x0) returned 1 [0031.467] CloseHandle (hObject=0x48) returned 1 [0031.467] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.467] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.adv")) returned 1 [0031.467] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.467] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.467] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5e0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cAlternateFileName="955CAB~1")) returned 1 [0031.467] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.467] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.467] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.468] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5e0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5e0, lpOverlapped=0x0) returned 1 [0031.477] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.477] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5e0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5e0, lpOverlapped=0x0) returned 1 [0031.477] CloseHandle (hObject=0x48) returned 1 [0031.477] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.477] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.adv")) returned 1 [0031.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.478] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ab, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cAlternateFileName="9BC2FF~1")) returned 1 [0031.478] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.478] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.479] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5ab, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5ab, lpOverlapped=0x0) returned 1 [0031.481] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.481] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5ab, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5ab, lpOverlapped=0x0) returned 1 [0031.481] CloseHandle (hObject=0x48) returned 1 [0031.481] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.481] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.adv")) returned 1 [0031.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.482] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cAlternateFileName="9C888B~1")) returned 1 [0031.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.483] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x652, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x652, lpOverlapped=0x0) returned 1 [0031.484] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.484] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x652, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x652, lpOverlapped=0x0) returned 1 [0031.484] CloseHandle (hObject=0x48) returned 1 [0031.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.485] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.adv")) returned 1 [0031.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.485] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cAlternateFileName="9C888B~2")) returned 1 [0031.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.485] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.485] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.486] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x652, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x652, lpOverlapped=0x0) returned 1 [0031.487] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.487] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x652, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x652, lpOverlapped=0x0) returned 1 [0031.487] CloseHandle (hObject=0x48) returned 1 [0031.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.487] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.adv")) returned 1 [0031.488] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.488] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.488] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cAlternateFileName="A9E4F7~1")) returned 1 [0031.488] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.488] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.488] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.489] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.490] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.490] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d7, lpOverlapped=0x0) returned 1 [0031.490] CloseHandle (hObject=0x48) returned 1 [0031.490] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.491] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.adv")) returned 1 [0031.491] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.491] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.491] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ee, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cAlternateFileName="ACF244~1")) returned 1 [0031.491] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.491] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.491] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.491] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.492] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5ee, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5ee, lpOverlapped=0x0) returned 1 [0031.493] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.493] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5ee, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5ee, lpOverlapped=0x0) returned 1 [0031.493] CloseHandle (hObject=0x48) returned 1 [0031.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.493] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.adv")) returned 1 [0031.494] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.494] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.494] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cAlternateFileName="B3BB9C~2")) returned 1 [0031.494] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.494] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.494] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.495] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x652, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x652, lpOverlapped=0x0) returned 1 [0031.497] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.497] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x652, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x652, lpOverlapped=0x0) returned 1 [0031.497] CloseHandle (hObject=0x48) returned 1 [0031.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.497] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.adv")) returned 1 [0031.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.498] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cAlternateFileName="B3BB9C~1")) returned 1 [0031.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.499] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x652, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x652, lpOverlapped=0x0) returned 1 [0031.500] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.500] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x652, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x652, lpOverlapped=0x0) returned 1 [0031.501] CloseHandle (hObject=0x48) returned 1 [0031.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.501] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.adv")) returned 1 [0031.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.501] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cAlternateFileName="BC570E~2")) returned 1 [0031.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.502] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5ed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5ed, lpOverlapped=0x0) returned 1 [0031.503] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.503] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5ed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5ed, lpOverlapped=0x0) returned 1 [0031.504] CloseHandle (hObject=0x48) returned 1 [0031.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.504] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.adv")) returned 1 [0031.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.504] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cAlternateFileName="BC570E~1")) returned 1 [0031.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.504] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.505] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5ed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5ed, lpOverlapped=0x0) returned 1 [0031.506] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.506] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5ed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5ed, lpOverlapped=0x0) returned 1 [0031.506] CloseHandle (hObject=0x48) returned 1 [0031.506] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.507] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.adv")) returned 1 [0031.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.507] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cAlternateFileName="C46E7B~2")) returned 1 [0031.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.508] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.509] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.509] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.509] CloseHandle (hObject=0x48) returned 1 [0031.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.509] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.adv")) returned 1 [0031.510] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.510] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.510] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cAlternateFileName="C46E7B~3")) returned 1 [0031.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.510] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.511] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.512] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.512] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.512] CloseHandle (hObject=0x48) returned 1 [0031.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.512] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.adv")) returned 1 [0031.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.513] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cAlternateFileName="C46E7B~1")) returned 1 [0031.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.513] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.515] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.515] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6e3, lpOverlapped=0x0) returned 1 [0031.515] CloseHandle (hObject=0x48) returned 1 [0031.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.515] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.adv")) returned 1 [0031.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.516] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5ae, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cAlternateFileName="D47DBD~2")) returned 1 [0031.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.517] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5ae, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5ae, lpOverlapped=0x0) returned 1 [0031.518] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.518] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5ae, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5ae, lpOverlapped=0x0) returned 1 [0031.518] CloseHandle (hObject=0x48) returned 1 [0031.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.518] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.adv")) returned 1 [0031.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.519] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x5ae, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cAlternateFileName="D47DBD~1")) returned 1 [0031.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.520] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5ae, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5ae, lpOverlapped=0x0) returned 1 [0031.521] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.521] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5ae, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5ae, lpOverlapped=0x0) returned 1 [0031.521] CloseHandle (hObject=0x48) returned 1 [0031.521] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.521] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.adv")) returned 1 [0031.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.522] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x663, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cAlternateFileName="D52C56~1")) returned 1 [0031.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.522] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x663, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x663, lpOverlapped=0x0) returned 1 [0031.524] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.524] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x663, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x663, lpOverlapped=0x0) returned 1 [0031.524] CloseHandle (hObject=0x48) returned 1 [0031.524] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.524] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.adv")) returned 1 [0031.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.525] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x64b, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cAlternateFileName="EA6180~1")) returned 1 [0031.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.526] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x64b, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x64b, lpOverlapped=0x0) returned 1 [0031.527] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.527] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x64b, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x64b, lpOverlapped=0x0) returned 1 [0031.527] CloseHandle (hObject=0x48) returned 1 [0031.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.527] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.adv")) returned 1 [0031.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.530] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x64c, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cAlternateFileName="F293AE~1")) returned 1 [0031.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.531] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x64c, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x64c, lpOverlapped=0x0) returned 1 [0031.533] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.533] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x64c, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x64c, lpOverlapped=0x0) returned 1 [0031.533] CloseHandle (hObject=0x48) returned 1 [0031.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5fe8 [0031.533] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.adv")) returned 1 [0031.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.534] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 1 [0031.534] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.534] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.534] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x226, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x226, lpOverlapped=0x0) returned 1 [0031.535] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.535] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x226, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x226, lpOverlapped=0x0) returned 1 [0031.535] CloseHandle (hObject=0x48) returned 1 [0031.535] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.535] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76.adv")) returned 1 [0031.535] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.535] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.535] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 0 [0031.536] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d40 | out: hHeap=0x6d0000) returned 1 [0031.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c48 | out: hHeap=0x6d0000) returned 1 [0031.536] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="MetaData", cAlternateFileName="")) returned 1 [0031.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ba0 [0031.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5c48 [0031.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ba0 | out: hHeap=0x6d0000) returned 1 [0031.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d40 [0031.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.536] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0031.536] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf9eaad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf9eaad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf9eaad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cAlternateFileName="024823~1")) returned 1 [0031.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.536] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.536] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x190, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x190, lpOverlapped=0x0) returned 1 [0031.537] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.537] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x190, lpOverlapped=0x0) returned 1 [0031.537] CloseHandle (hObject=0x48) returned 1 [0031.538] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.538] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.adv")) returned 1 [0031.538] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.538] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.538] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x166, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cAlternateFileName="0F1583~1")) returned 1 [0031.538] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.538] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.538] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.539] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x166, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x166, lpOverlapped=0x0) returned 1 [0031.540] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.540] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x166, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x166, lpOverlapped=0x0) returned 1 [0031.540] CloseHandle (hObject=0x48) returned 1 [0031.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.540] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.adv")) returned 1 [0031.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.541] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cAlternateFileName="1BB09B~1")) returned 1 [0031.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.541] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.542] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.542] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.542] CloseHandle (hObject=0x48) returned 1 [0031.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.542] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.adv")) returned 1 [0031.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.543] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="1DAF2884EC4DFA96BA4A58D4DBC9C406", cAlternateFileName="1DAF28~1")) returned 1 [0031.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.544] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10c, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x10c, lpOverlapped=0x0) returned 1 [0031.544] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.544] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10c, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x10c, lpOverlapped=0x0) returned 1 [0031.545] CloseHandle (hObject=0x48) returned 1 [0031.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.545] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406.adv")) returned 1 [0031.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.545] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="23B523C9E7746F715D33C6527C18EB9D", cAlternateFileName="23B523~1")) returned 1 [0031.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.546] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x124, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x124, lpOverlapped=0x0) returned 1 [0031.547] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.547] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x124, lpOverlapped=0x0) returned 1 [0031.547] CloseHandle (hObject=0x48) returned 1 [0031.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.547] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d.adv")) returned 1 [0031.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.547] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="3130B1871A126520A8C47861EFE3ED4D", cAlternateFileName="3130B1~1")) returned 1 [0031.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.548] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdc, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xdc, lpOverlapped=0x0) returned 1 [0031.549] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.549] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xdc, lpOverlapped=0x0) returned 1 [0031.549] CloseHandle (hObject=0x48) returned 1 [0031.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.549] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d.adv")) returned 1 [0031.550] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.550] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.550] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18a, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cAlternateFileName="3388EC~1")) returned 1 [0031.550] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.550] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.550] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.550] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18a, lpOverlapped=0x0) returned 1 [0031.551] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.551] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18a, lpOverlapped=0x0) returned 1 [0031.551] CloseHandle (hObject=0x48) returned 1 [0031.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.551] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.adv")) returned 1 [0031.554] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.554] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.554] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cAlternateFileName="40E450~1")) returned 1 [0031.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.554] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.555] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x190, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x190, lpOverlapped=0x0) returned 1 [0031.555] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.555] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x190, lpOverlapped=0x0) returned 1 [0031.556] CloseHandle (hObject=0x48) returned 1 [0031.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.556] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.adv")) returned 1 [0031.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.556] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cAlternateFileName="4C8F84~1")) returned 1 [0031.557] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.557] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.557] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.557] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1ae, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1ae, lpOverlapped=0x0) returned 1 [0031.558] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.558] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1ae, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1ae, lpOverlapped=0x0) returned 1 [0031.558] CloseHandle (hObject=0x48) returned 1 [0031.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.558] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.adv")) returned 1 [0031.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.559] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cAlternateFileName="4DD397~1")) returned 1 [0031.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.559] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.559] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.561] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.561] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.561] CloseHandle (hObject=0x48) returned 1 [0031.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.561] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.adv")) returned 1 [0031.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.562] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cAlternateFileName="5080DC~2")) returned 1 [0031.562] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.562] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.562] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.563] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.563] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.563] CloseHandle (hObject=0x48) returned 1 [0031.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.563] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.adv")) returned 1 [0031.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.564] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cAlternateFileName="5080DC~1")) returned 1 [0031.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.565] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x190, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x190, lpOverlapped=0x0) returned 1 [0031.565] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.565] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x190, lpOverlapped=0x0) returned 1 [0031.566] CloseHandle (hObject=0x48) returned 1 [0031.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.566] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.adv")) returned 1 [0031.566] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.566] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.566] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cAlternateFileName="5457A8~1")) returned 1 [0031.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.568] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.568] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.569] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.569] CloseHandle (hObject=0x48) returned 1 [0031.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.569] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.adv")) returned 1 [0031.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.569] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0xf4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="696F3DE637E6DE85B458996D49D759AD", cAlternateFileName="696F3D~1")) returned 1 [0031.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.570] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf4, lpOverlapped=0x0) returned 1 [0031.570] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.571] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf4, lpOverlapped=0x0) returned 1 [0031.571] CloseHandle (hObject=0x48) returned 1 [0031.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.571] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad.adv")) returned 1 [0031.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cAlternateFileName="705A76~1")) returned 1 [0031.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.572] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.573] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.573] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.573] CloseHandle (hObject=0x48) returned 1 [0031.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.573] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.adv")) returned 1 [0031.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.574] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7396C420A8E1BC1DA97F1AF0D10BAD21", cAlternateFileName="7396C4~1")) returned 1 [0031.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.575] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x100, lpOverlapped=0x0) returned 1 [0031.576] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.576] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x100, lpOverlapped=0x0) returned 1 [0031.576] CloseHandle (hObject=0x48) returned 1 [0031.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.576] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21.adv")) returned 1 [0031.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.577] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1b2, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cAlternateFileName="7423F8~1")) returned 1 [0031.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.577] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1b2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1b2, lpOverlapped=0x0) returned 1 [0031.578] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.578] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1b2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1b2, lpOverlapped=0x0) returned 1 [0031.579] CloseHandle (hObject=0x48) returned 1 [0031.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.579] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.adv")) returned 1 [0031.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.579] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd48e2bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0031.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.580] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.580] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdc, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xdc, lpOverlapped=0x0) returned 1 [0031.581] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.581] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xdc, lpOverlapped=0x0) returned 1 [0031.581] CloseHandle (hObject=0x48) returned 1 [0031.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.581] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.adv")) returned 1 [0031.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.582] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cAlternateFileName="7B8944~1")) returned 1 [0031.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.583] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.583] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.584] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.584] CloseHandle (hObject=0x48) returned 1 [0031.584] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.584] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.adv")) returned 1 [0031.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.584] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cAlternateFileName="7D266D~2")) returned 1 [0031.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.585] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.586] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.586] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.586] CloseHandle (hObject=0x48) returned 1 [0031.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.586] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.adv")) returned 1 [0031.587] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.587] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.587] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cAlternateFileName="7D266D~1")) returned 1 [0031.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.587] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.587] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x198, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x198, lpOverlapped=0x0) returned 1 [0031.588] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.588] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x198, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x198, lpOverlapped=0x0) returned 1 [0031.588] CloseHandle (hObject=0x48) returned 1 [0031.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.588] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.adv")) returned 1 [0031.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.589] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cAlternateFileName="8059E9~3")) returned 1 [0031.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.590] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.591] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.591] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.591] CloseHandle (hObject=0x48) returned 1 [0031.592] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.592] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.adv")) returned 1 [0031.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.592] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x611ea800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x611ea800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cAlternateFileName="80273C~1")) returned 1 [0031.592] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.592] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.593] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.593] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.594] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.594] CloseHandle (hObject=0x48) returned 1 [0031.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.596] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.adv")) returned 1 [0031.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.597] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cAlternateFileName="8059E9~2")) returned 1 [0031.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.597] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.598] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.598] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.598] CloseHandle (hObject=0x48) returned 1 [0031.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.598] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.adv")) returned 1 [0031.599] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.599] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.599] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cAlternateFileName="809279~1")) returned 1 [0031.599] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.599] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.599] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.599] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.601] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.601] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.601] CloseHandle (hObject=0x48) returned 1 [0031.601] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.601] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.adv")) returned 1 [0031.601] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.601] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.602] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5836df00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5836df00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cAlternateFileName="8059E9~1")) returned 1 [0031.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.602] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.603] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.603] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.603] CloseHandle (hObject=0x48) returned 1 [0031.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.603] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.adv")) returned 1 [0031.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.604] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cAlternateFileName="80E4BE~1")) returned 1 [0031.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.604] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.605] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.605] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.605] CloseHandle (hObject=0x48) returned 1 [0031.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.605] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.adv")) returned 1 [0031.606] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.606] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.606] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cAlternateFileName="803B9E~1")) returned 1 [0031.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.606] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.606] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.607] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.607] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.607] CloseHandle (hObject=0x48) returned 1 [0031.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.608] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.adv")) returned 1 [0031.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.608] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cAlternateFileName="803D37~1")) returned 1 [0031.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.609] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.610] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.610] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.610] CloseHandle (hObject=0x48) returned 1 [0031.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.610] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.adv")) returned 1 [0031.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.611] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cAlternateFileName="8059E9~4")) returned 1 [0031.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.611] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.611] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.612] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.612] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.612] CloseHandle (hObject=0x48) returned 1 [0031.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.612] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.adv")) returned 1 [0031.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.613] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cAlternateFileName="800D31~1")) returned 1 [0031.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.613] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.614] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.614] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.614] CloseHandle (hObject=0x48) returned 1 [0031.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.615] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.adv")) returned 1 [0031.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.615] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x180, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cAlternateFileName="828298~1")) returned 1 [0031.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.616] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x180, lpOverlapped=0x0) returned 1 [0031.617] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.617] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x180, lpOverlapped=0x0) returned 1 [0031.617] CloseHandle (hObject=0x48) returned 1 [0031.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.617] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.adv")) returned 1 [0031.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.618] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cAlternateFileName="8828F3~1")) returned 1 [0031.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.618] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x188, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x188, lpOverlapped=0x0) returned 1 [0031.619] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.619] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x188, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x188, lpOverlapped=0x0) returned 1 [0031.619] CloseHandle (hObject=0x48) returned 1 [0031.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.619] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.adv")) returned 1 [0031.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.620] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cAlternateFileName="8828F3~2")) returned 1 [0031.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.621] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x188, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x188, lpOverlapped=0x0) returned 1 [0031.621] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.622] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x188, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x188, lpOverlapped=0x0) returned 1 [0031.622] CloseHandle (hObject=0x48) returned 1 [0031.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.622] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.adv")) returned 1 [0031.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.622] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x196, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cAlternateFileName="8E4E51~1")) returned 1 [0031.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.624] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x196, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x196, lpOverlapped=0x0) returned 1 [0031.625] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.625] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x196, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x196, lpOverlapped=0x0) returned 1 [0031.625] CloseHandle (hObject=0x48) returned 1 [0031.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.625] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.adv")) returned 1 [0031.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.626] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbf0dd70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0031.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.626] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x156, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x156, lpOverlapped=0x0) returned 1 [0031.627] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.627] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x156, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x156, lpOverlapped=0x0) returned 1 [0031.627] CloseHandle (hObject=0x48) returned 1 [0031.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.627] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.adv")) returned 1 [0031.628] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.628] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.628] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cAlternateFileName="955CAB~1")) returned 1 [0031.628] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.628] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.628] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.628] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.629] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.629] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.629] CloseHandle (hObject=0x48) returned 1 [0031.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.630] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.adv")) returned 1 [0031.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.630] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cAlternateFileName="9BC2FF~1")) returned 1 [0031.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.631] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.632] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.632] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x186, lpOverlapped=0x0) returned 1 [0031.632] CloseHandle (hObject=0x48) returned 1 [0031.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.632] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.adv")) returned 1 [0031.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.633] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cAlternateFileName="9C888B~1")) returned 1 [0031.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.633] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.634] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.634] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.634] CloseHandle (hObject=0x48) returned 1 [0031.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.634] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.adv")) returned 1 [0031.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.635] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cAlternateFileName="9C888B~2")) returned 1 [0031.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.635] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.636] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.636] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x182, lpOverlapped=0x0) returned 1 [0031.636] CloseHandle (hObject=0x48) returned 1 [0031.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.636] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.adv")) returned 1 [0031.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.637] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cAlternateFileName="A9E4F7~1")) returned 1 [0031.637] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.637] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.637] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1ae, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1ae, lpOverlapped=0x0) returned 1 [0031.638] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.639] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1ae, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1ae, lpOverlapped=0x0) returned 1 [0031.639] CloseHandle (hObject=0x48) returned 1 [0031.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.639] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.adv")) returned 1 [0031.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.639] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cAlternateFileName="ACF244~1")) returned 1 [0031.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.640] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1ec, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1ec, lpOverlapped=0x0) returned 1 [0031.641] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.641] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1ec, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1ec, lpOverlapped=0x0) returned 1 [0031.641] CloseHandle (hObject=0x48) returned 1 [0031.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.641] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.adv")) returned 1 [0031.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.642] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cAlternateFileName="B3BB9C~2")) returned 1 [0031.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.643] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1a0, lpOverlapped=0x0) returned 1 [0031.644] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.644] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1a0, lpOverlapped=0x0) returned 1 [0031.644] CloseHandle (hObject=0x48) returned 1 [0031.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.644] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.adv")) returned 1 [0031.647] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.647] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.647] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cAlternateFileName="B3BB9C~1")) returned 1 [0031.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.647] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.647] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1a0, lpOverlapped=0x0) returned 1 [0031.648] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.648] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1a0, lpOverlapped=0x0) returned 1 [0031.648] CloseHandle (hObject=0x48) returned 1 [0031.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.649] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.adv")) returned 1 [0031.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.649] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cAlternateFileName="BC570E~2")) returned 1 [0031.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.650] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x204, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x204, lpOverlapped=0x0) returned 1 [0031.651] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.651] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x204, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x204, lpOverlapped=0x0) returned 1 [0031.651] CloseHandle (hObject=0x48) returned 1 [0031.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.652] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.adv")) returned 1 [0031.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.652] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cAlternateFileName="BC570E~1")) returned 1 [0031.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.653] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x204, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x204, lpOverlapped=0x0) returned 1 [0031.654] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.654] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x204, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x204, lpOverlapped=0x0) returned 1 [0031.654] CloseHandle (hObject=0x48) returned 1 [0031.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.655] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.adv")) returned 1 [0031.656] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.656] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.656] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cAlternateFileName="C46E7B~2")) returned 1 [0031.656] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.656] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.656] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.656] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x192, lpOverlapped=0x0) returned 1 [0031.657] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.657] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x192, lpOverlapped=0x0) returned 1 [0031.657] CloseHandle (hObject=0x48) returned 1 [0031.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.657] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.adv")) returned 1 [0031.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.658] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cAlternateFileName="C46E7B~3")) returned 1 [0031.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.658] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.659] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.659] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.660] CloseHandle (hObject=0x48) returned 1 [0031.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.660] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.adv")) returned 1 [0031.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.660] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cAlternateFileName="C46E7B~1")) returned 1 [0031.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.660] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.661] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.662] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.662] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.662] CloseHandle (hObject=0x48) returned 1 [0031.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.662] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.adv")) returned 1 [0031.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.663] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cAlternateFileName="D47DBD~2")) returned 1 [0031.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.663] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.664] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.664] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x194, lpOverlapped=0x0) returned 1 [0031.664] CloseHandle (hObject=0x48) returned 1 [0031.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.664] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.adv")) returned 1 [0031.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.665] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cAlternateFileName="D47DBD~1")) returned 1 [0031.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.666] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x198, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x198, lpOverlapped=0x0) returned 1 [0031.666] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.667] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x198, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x198, lpOverlapped=0x0) returned 1 [0031.667] CloseHandle (hObject=0x48) returned 1 [0031.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.667] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.adv")) returned 1 [0031.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.667] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cAlternateFileName="D52C56~1")) returned 1 [0031.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.668] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1a4, lpOverlapped=0x0) returned 1 [0031.669] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.669] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1a4, lpOverlapped=0x0) returned 1 [0031.670] CloseHandle (hObject=0x48) returned 1 [0031.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.670] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.adv")) returned 1 [0031.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.670] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cAlternateFileName="EA6180~1")) returned 1 [0031.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.671] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.672] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.672] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18e, lpOverlapped=0x0) returned 1 [0031.672] CloseHandle (hObject=0x48) returned 1 [0031.672] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.adv")) returned 1 [0031.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.673] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cAlternateFileName="F293AE~1")) returned 1 [0031.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5eb0 [0031.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.673] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1a0, lpOverlapped=0x0) returned 1 [0031.674] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.674] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1a0, lpOverlapped=0x0) returned 1 [0031.674] CloseHandle (hObject=0x48) returned 1 [0031.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5fe8 [0031.674] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.adv")) returned 1 [0031.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0031.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.675] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 1 [0031.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.675] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfc, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xfc, lpOverlapped=0x0) returned 1 [0031.676] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.676] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xfc, lpOverlapped=0x0) returned 1 [0031.676] CloseHandle (hObject=0x48) returned 1 [0031.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5fc0 [0031.676] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76.adv")) returned 1 [0031.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.677] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 0 [0031.677] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d40 | out: hHeap=0x6d0000) returned 1 [0031.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c48 | out: hHeap=0x6d0000) returned 1 [0031.677] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="MetaData", cAlternateFileName="")) returned 0 [0031.677] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.678] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5af8 | out: hHeap=0x6d0000) returned 1 [0031.678] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a30 | out: hHeap=0x6d0000) returned 1 [0031.678] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="IME12", cAlternateFileName="")) returned 1 [0031.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e59a8 [0031.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5a30 [0031.678] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5ab8 [0031.678] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a30 | out: hHeap=0x6d0000) returned 1 [0031.678] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.679] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0031.679] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 0 [0031.679] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.679] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab8 | out: hHeap=0x6d0000) returned 1 [0031.679] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59a8 | out: hHeap=0x6d0000) returned 1 [0031.679] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0031.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e59a8 [0031.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5a30 [0031.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5ab8 [0031.679] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a30 | out: hHeap=0x6d0000) returned 1 [0031.679] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.679] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0031.679] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 0 [0031.679] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab8 | out: hHeap=0x6d0000) returned 1 [0031.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59a8 | out: hHeap=0x6d0000) returned 1 [0031.680] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0031.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e59a8 [0031.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5a30 [0031.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59a8 | out: hHeap=0x6d0000) returned 1 [0031.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5af8 [0031.680] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.680] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0031.680] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 0 [0031.680] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5af8 | out: hHeap=0x6d0000) returned 1 [0031.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a30 | out: hHeap=0x6d0000) returned 1 [0031.680] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0031.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e59a8 [0031.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5a30 [0031.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59a8 | out: hHeap=0x6d0000) returned 1 [0031.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5af8 [0031.680] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.680] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0031.680] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 0 [0031.680] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5af8 | out: hHeap=0x6d0000) returned 1 [0031.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a30 | out: hHeap=0x6d0000) returned 1 [0031.681] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0031.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e59a8 [0031.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5a30 [0031.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59a8 | out: hHeap=0x6d0000) returned 1 [0031.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5af8 [0031.681] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.681] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0031.681] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="DOMStore", cAlternateFileName="")) returned 1 [0031.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ba0 [0031.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5c48 [0031.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ba0 | out: hHeap=0x6d0000) returned 1 [0031.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d40 [0031.681] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.681] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName="..", cAlternateFileName="")) returned 1 [0031.681] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName="36USA68T", cAlternateFileName="")) returned 1 [0031.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5fc0 [0031.681] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x510b3550, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.682] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x510b3550, cFileName="..", cAlternateFileName="")) returned 1 [0031.682] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b05050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x1d2dd9e, dwReserved1=0x510b3550, cFileName="imagesrv.adition[1].xml", cAlternateFileName="IMAGES~1.XML")) returned 1 [0031.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e6088 [0031.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e6150 [0031.682] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6088 | out: hHeap=0x6d0000) returned 1 [0031.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0031.682] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xd, lpOverlapped=0x0) returned 1 [0031.683] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.683] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xd, lpOverlapped=0x0) returned 1 [0031.683] CloseHandle (hObject=0x4c) returned 1 [0031.683] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e6278 [0031.683] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml.adv")) returned 1 [0031.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6278 | out: hHeap=0x6d0000) returned 1 [0031.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6150 | out: hHeap=0x6d0000) returned 1 [0031.684] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b05050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x1d2dd9e, dwReserved1=0x510b3550, cFileName="imagesrv.adition[1].xml", cAlternateFileName="IMAGES~1.XML")) returned 0 [0031.684] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.684] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName="3O75JDME", cAlternateFileName="")) returned 1 [0031.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5fc0 [0031.684] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x510b3550, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.685] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x510b3550, cFileName="..", cAlternateFileName="")) returned 1 [0031.685] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605dd8a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x696aec80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x1d2dd9e, dwReserved1=0x510b3550, cFileName="www.google[1].xml", cAlternateFileName="WWWGOO~1.XML")) returned 1 [0031.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e6088 [0031.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e6150 [0031.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6088 | out: hHeap=0x6d0000) returned 1 [0031.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0031.687] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xd, lpOverlapped=0x0) returned 1 [0031.688] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.688] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xd, lpOverlapped=0x0) returned 1 [0031.688] CloseHandle (hObject=0x4c) returned 1 [0031.688] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e6278 [0031.688] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml.adv")) returned 1 [0031.688] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6278 | out: hHeap=0x6d0000) returned 1 [0031.688] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6150 | out: hHeap=0x6d0000) returned 1 [0031.688] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605dd8a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x696aec80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x1d2dd9e, dwReserved1=0x510b3550, cFileName="www.google[1].xml", cAlternateFileName="WWWGOO~1.XML")) returned 0 [0031.688] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.688] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.688] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.689] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0031.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.689] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x8000, lpOverlapped=0x0) returned 1 [0031.691] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.691] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x8000, lpOverlapped=0x0) returned 1 [0031.691] CloseHandle (hObject=0x48) returned 1 [0031.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5fc0 [0031.691] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat.adv")) returned 1 [0031.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.692] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName="UV0DUWVB", cAlternateFileName="")) returned 1 [0031.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5fc0 [0031.692] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xcf, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.692] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xcf, cFileName="..", cAlternateFileName="")) returned 1 [0031.692] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xcf, cFileName="..", cAlternateFileName="")) returned 0 [0031.692] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.692] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName="VGMTOI09", cAlternateFileName="")) returned 1 [0031.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0031.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5eb0 [0031.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5fc0 [0031.692] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xcf, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.692] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xcf, cFileName="..", cAlternateFileName="")) returned 1 [0031.692] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x344, dwReserved0=0x0, dwReserved1=0xcf, cFileName="www.msn[1].xml", cAlternateFileName="WWWMSN~1.XML")) returned 1 [0031.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e6088 [0031.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e6150 [0031.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6088 | out: hHeap=0x6d0000) returned 1 [0031.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0031.693] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x344, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x344, lpOverlapped=0x0) returned 1 [0031.694] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.694] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x344, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x344, lpOverlapped=0x0) returned 1 [0031.695] CloseHandle (hObject=0x4c) returned 1 [0031.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6278 [0031.695] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml.adv")) returned 1 [0031.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6278 | out: hHeap=0x6d0000) returned 1 [0031.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6150 | out: hHeap=0x6d0000) returned 1 [0031.695] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x344, dwReserved0=0x0, dwReserved1=0xcf, cFileName="www.msn[1].xml", cAlternateFileName="WWWMSN~1.XML")) returned 0 [0031.695] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc0 | out: hHeap=0x6d0000) returned 1 [0031.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb0 | out: hHeap=0x6d0000) returned 1 [0031.695] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName="VGMTOI09", cAlternateFileName="")) returned 0 [0031.695] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d40 | out: hHeap=0x6d0000) returned 1 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c48 | out: hHeap=0x6d0000) returned 1 [0031.696] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="Services", cAlternateFileName="")) returned 1 [0031.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ba0 [0031.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5c48 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ba0 | out: hHeap=0x6d0000) returned 1 [0031.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d40 [0031.696] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.696] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName="..", cAlternateFileName="")) returned 1 [0031.696] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x5616fca0, cFileName="..", cAlternateFileName="")) returned 0 [0031.696] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d40 | out: hHeap=0x6d0000) returned 1 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c48 | out: hHeap=0x6d0000) returned 1 [0031.696] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xcd708940, cFileName="Services", cAlternateFileName="")) returned 0 [0031.696] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5af8 | out: hHeap=0x6d0000) returned 1 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a30 | out: hHeap=0x6d0000) returned 1 [0031.696] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 0 [0031.696] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5920 | out: hHeap=0x6d0000) returned 1 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5888 | out: hHeap=0x6d0000) returned 1 [0031.696] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Sun", cAlternateFileName="")) returned 1 [0031.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e5788 [0031.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5888 [0031.696] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5788 | out: hHeap=0x6d0000) returned 1 [0031.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5920 [0031.696] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0031.697] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="..", cAlternateFileName="")) returned 1 [0031.697] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="Java", cAlternateFileName="")) returned 1 [0031.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5998 [0031.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5a10 [0031.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a88 [0031.697] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a10 | out: hHeap=0x6d0000) returned 1 [0031.697] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x68cb4a40, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0031.698] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x68cb4a40, cFileName="..", cAlternateFileName="")) returned 1 [0031.698] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x68cb4a40, cFileName="AU", cAlternateFileName="")) returned 1 [0031.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5a10 [0031.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5b38 [0031.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a10 | out: hHeap=0x6d0000) returned 1 [0031.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5be8 [0031.698] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.699] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="..", cAlternateFileName="")) returned 1 [0031.699] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8e062, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="au.cab", cAlternateFileName="")) returned 1 [0031.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5c70 [0031.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5cf8 [0031.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0031.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.700] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8e062, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x8e062, lpOverlapped=0x0) returned 1 [0031.707] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.707] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8e062, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x8e062, lpOverlapped=0x0) returned 1 [0031.708] CloseHandle (hObject=0x48) returned 1 [0031.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5dc0 [0031.709] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab.adv")) returned 1 [0031.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0031.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5cf8 | out: hHeap=0x6d0000) returned 1 [0031.709] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d400, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="au.msi", cAlternateFileName="")) returned 1 [0031.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5c70 [0031.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5cf8 [0031.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0031.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.710] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d400, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2d400, lpOverlapped=0x0) returned 1 [0031.713] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.713] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d400, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2d400, lpOverlapped=0x0) returned 1 [0031.713] CloseHandle (hObject=0x48) returned 1 [0031.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5dc0 [0031.713] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi.adv")) returned 1 [0031.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0031.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5cf8 | out: hHeap=0x6d0000) returned 1 [0031.714] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d400, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="au.msi", cAlternateFileName="")) returned 0 [0031.714] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5be8 | out: hHeap=0x6d0000) returned 1 [0031.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b38 | out: hHeap=0x6d0000) returned 1 [0031.714] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x68cb4a40, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0031.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5a10 [0031.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5b38 [0031.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a10 | out: hHeap=0x6d0000) returned 1 [0031.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5be8 [0031.714] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.714] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="..", cAlternateFileName="")) returned 1 [0031.714] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1ea6db0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xfec5c570, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2cf, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="deployment.properties", cAlternateFileName="DEPLOY~1.PRO")) returned 1 [0031.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5c80 [0031.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5d18 [0031.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c80 | out: hHeap=0x6d0000) returned 1 [0031.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.715] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2cf, lpOverlapped=0x0) returned 1 [0031.716] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0031.717] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2cf, lpOverlapped=0x0) returned 1 [0031.717] CloseHandle (hObject=0x48) returned 1 [0031.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5df8 [0031.717] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties.adv")) returned 1 [0031.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0031.718] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="security", cAlternateFileName="")) returned 1 [0031.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5c80 [0031.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5d18 [0031.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c80 | out: hHeap=0x6d0000) returned 1 [0031.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5df8 [0031.718] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10c, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.718] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10c, cFileName="..", cAlternateFileName="")) returned 1 [0031.718] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10c, cFileName="..", cAlternateFileName="")) returned 0 [0031.718] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0031.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0031.718] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="tmp", cAlternateFileName="")) returned 1 [0031.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5c80 [0031.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d18 [0031.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5db0 [0031.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0031.718] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10c, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0031.719] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10c, cFileName="..", cAlternateFileName="")) returned 1 [0031.719] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfaeead90, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10c, cFileName="si", cAlternateFileName="")) returned 1 [0031.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d18 [0031.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5e90 [0031.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0031.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5f70 [0031.719] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0031.719] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="..", cAlternateFileName="")) returned 1 [0031.719] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="..", cAlternateFileName="")) returned 0 [0031.719] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0031.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f70 | out: hHeap=0x6d0000) returned 1 [0031.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e90 | out: hHeap=0x6d0000) returned 1 [0031.719] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfaeead90, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10c, cFileName="si", cAlternateFileName="")) returned 0 [0031.719] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0031.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5db0 | out: hHeap=0x6d0000) returned 1 [0031.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c80 | out: hHeap=0x6d0000) returned 1 [0031.719] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="tmp", cAlternateFileName="")) returned 0 [0031.719] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0031.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5be8 | out: hHeap=0x6d0000) returned 1 [0031.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b38 | out: hHeap=0x6d0000) returned 1 [0031.720] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x68cb4a40, cFileName="jre1.7.0_45", cAlternateFileName="JRE17~1.0_4")) returned 1 [0031.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5a10 [0031.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5b38 [0031.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a10 | out: hHeap=0x6d0000) returned 1 [0031.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5be8 [0031.720] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0031.720] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="..", cAlternateFileName="")) returned 1 [0031.720] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x182ac2a, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="Data1.cab", cAlternateFileName="")) returned 1 [0031.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5c80 [0031.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5d18 [0031.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c80 | out: hHeap=0x6d0000) returned 1 [0031.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0031.722] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x182ac2a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x182ac2a, lpOverlapped=0x0) returned 1 [0032.777] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0032.778] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x182ac2a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x182ac2a, lpOverlapped=0x0) returned 1 [0033.286] CloseHandle (hObject=0x48) returned 1 [0033.286] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0033.286] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab.adv")) returned 1 [0033.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0033.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.288] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68d26e60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xdd600, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="jre1.7.0_45.msi", cAlternateFileName="JRE170~1.MSI")) returned 1 [0033.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5c80 [0033.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5d18 [0033.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c80 | out: hHeap=0x6d0000) returned 1 [0033.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.289] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd600, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xdd600, lpOverlapped=0x0) returned 1 [0033.298] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.298] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd600, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xdd600, lpOverlapped=0x0) returned 1 [0033.300] CloseHandle (hObject=0x48) returned 1 [0033.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5df8 [0033.300] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi.adv")) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df8 | out: hHeap=0x6d0000) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.301] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68d26e60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xdd600, dwReserved0=0x1d2e627, dwReserved1=0xa1dc2570, cFileName="jre1.7.0_45.msi", cAlternateFileName="JRE170~1.MSI")) returned 0 [0033.301] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5be8 | out: hHeap=0x6d0000) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b38 | out: hHeap=0x6d0000) returned 1 [0033.301] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x68cb4a40, cFileName="jre1.7.0_45", cAlternateFileName="JRE17~1.0_4")) returned 0 [0033.301] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a88 | out: hHeap=0x6d0000) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5998 | out: hHeap=0x6d0000) returned 1 [0033.301] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x68cb4a40, cFileName="Java", cAlternateFileName="")) returned 0 [0033.301] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5920 | out: hHeap=0x6d0000) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5888 | out: hHeap=0x6d0000) returned 1 [0033.301] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Sun", cAlternateFileName="")) returned 0 [0033.301] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c0 | out: hHeap=0x6d0000) returned 1 [0033.302] FindNextFileW (in: hFindFile=0x6e1f60, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa0417290, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa0417290, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="Roaming", cAlternateFileName="")) returned 1 [0033.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2068 [0033.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e20c0 [0033.302] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0033.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e5788 [0033.302] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa0417290, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa0417290, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0033.302] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa0417290, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa0417290, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.302] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b4953a0, ftCreationTime.dwHighDateTime=0x1d5c2e1, ftLastAccessTime.dwLowDateTime=0x68d77160, ftLastAccessTime.dwHighDateTime=0x1d5b9d5, ftLastWriteTime.dwLowDateTime=0x68d77160, ftLastWriteTime.dwHighDateTime=0x1d5b9d5, nFileSizeHigh=0x0, nFileSizeLow=0x6a12, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="5P0Ka.jpg", cAlternateFileName="")) returned 1 [0033.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.302] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5P0Ka.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5p0ka.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.302] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6a12, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x6a12, lpOverlapped=0x0) returned 1 [0033.303] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.303] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6a12, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x6a12, lpOverlapped=0x0) returned 1 [0033.303] CloseHandle (hObject=0x3c) returned 1 [0033.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.303] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5P0Ka.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5p0ka.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5P0Ka.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5p0ka.jpg.adv")) returned 1 [0033.304] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.304] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.304] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5564cac0, ftCreationTime.dwHighDateTime=0x1d5c0ff, ftLastAccessTime.dwLowDateTime=0x34956a50, ftLastAccessTime.dwHighDateTime=0x1d5c476, ftLastWriteTime.dwLowDateTime=0x34956a50, ftLastWriteTime.dwHighDateTime=0x1d5c476, nFileSizeHigh=0x0, nFileSizeLow=0x5fcb, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="7TSrFCJ-061A4 FQ0HsT.mp3", cAlternateFileName="7TSRFC~1.MP3")) returned 1 [0033.304] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.304] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5858 [0033.304] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7TSrFCJ-061A4 FQ0HsT.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7tsrfcj-061a4 fq0hst.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.305] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5fcb, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x5fcb, lpOverlapped=0x0) returned 1 [0033.306] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.306] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5fcb, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x5fcb, lpOverlapped=0x0) returned 1 [0033.306] CloseHandle (hObject=0x3c) returned 1 [0033.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e58f0 [0033.306] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7TSrFCJ-061A4 FQ0HsT.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7tsrfcj-061a4 fq0hst.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7TSrFCJ-061A4 FQ0HsT.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7tsrfcj-061a4 fq0hst.mp3.adv")) returned 1 [0033.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.307] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x78fefcc0, ftCreationTime.dwHighDateTime=0x1d5c132, ftLastAccessTime.dwLowDateTime=0xf605d290, ftLastAccessTime.dwHighDateTime=0x1d5c10d, ftLastWriteTime.dwLowDateTime=0xf605d290, ftLastWriteTime.dwHighDateTime=0x1d5c10d, nFileSizeHigh=0x0, nFileSizeLow=0x8e89, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="A9ZVqtjMBRCQ9 8-SDls.mp3", cAlternateFileName="A9ZVQT~1.MP3")) returned 1 [0033.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5858 [0033.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A9ZVqtjMBRCQ9 8-SDls.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a9zvqtjmbrcq9 8-sdls.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.307] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8e89, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x8e89, lpOverlapped=0x0) returned 1 [0033.308] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.308] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8e89, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x8e89, lpOverlapped=0x0) returned 1 [0033.308] CloseHandle (hObject=0x3c) returned 1 [0033.308] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e58f0 [0033.308] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A9ZVqtjMBRCQ9 8-SDls.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a9zvqtjmbrcq9 8-sdls.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A9ZVqtjMBRCQ9 8-SDls.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a9zvqtjmbrcq9 8-sdls.mp3.adv")) returned 1 [0033.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.309] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Adobe", cAlternateFileName="")) returned 1 [0033.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0033.311] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="..", cAlternateFileName="")) returned 1 [0033.311] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0033.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5968 [0033.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e59e0 [0033.311] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5968 | out: hHeap=0x6d0000) returned 1 [0033.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5a90 [0033.311] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.311] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0033.311] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="10.0", cAlternateFileName="")) returned 1 [0033.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5b18 [0033.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5ba0 [0033.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b18 | out: hHeap=0x6d0000) returned 1 [0033.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5c68 [0033.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.312] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="..", cAlternateFileName="")) returned 1 [0033.312] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="Collab", cAlternateFileName="")) returned 1 [0033.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d00 [0033.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d98 [0033.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5e30 [0033.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d98 | out: hHeap=0x6d0000) returned 1 [0033.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.312] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="..", cAlternateFileName="")) returned 1 [0033.312] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="..", cAlternateFileName="")) returned 0 [0033.312] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e30 | out: hHeap=0x6d0000) returned 1 [0033.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d00 | out: hHeap=0x6d0000) returned 1 [0033.312] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="Forms", cAlternateFileName="")) returned 1 [0033.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d00 [0033.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d98 [0033.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5e30 [0033.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d98 | out: hHeap=0x6d0000) returned 1 [0033.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.313] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="..", cAlternateFileName="")) returned 1 [0033.313] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="..", cAlternateFileName="")) returned 0 [0033.313] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e30 | out: hHeap=0x6d0000) returned 1 [0033.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d00 | out: hHeap=0x6d0000) returned 1 [0033.313] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="JavaScripts", cAlternateFileName="JAVASC~1")) returned 1 [0033.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d00 [0033.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5d98 [0033.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d00 | out: hHeap=0x6d0000) returned 1 [0033.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5e78 [0033.313] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.313] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="..", cAlternateFileName="")) returned 1 [0033.313] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="glob.js", cAlternateFileName="")) returned 1 [0033.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5f20 [0033.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5fc8 [0033.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f20 | out: hHeap=0x6d0000) returned 1 [0033.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.314] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.314] CloseHandle (hObject=0x4c) returned 1 [0033.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e60c0 [0033.314] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js.adv")) returned 1 [0033.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c0 | out: hHeap=0x6d0000) returned 1 [0033.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc8 | out: hHeap=0x6d0000) returned 1 [0033.314] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="glob.settings.js", cAlternateFileName="GLOBSE~1.JS")) returned 1 [0033.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5f20 [0033.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5fc8 [0033.315] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f20 | out: hHeap=0x6d0000) returned 1 [0033.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.315] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xa, lpOverlapped=0x0) returned 1 [0033.316] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.316] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xa, lpOverlapped=0x0) returned 1 [0033.316] CloseHandle (hObject=0x4c) returned 1 [0033.316] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e60c0 [0033.316] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.adv")) returned 1 [0033.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c0 | out: hHeap=0x6d0000) returned 1 [0033.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc8 | out: hHeap=0x6d0000) returned 1 [0033.317] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="glob.settings.js", cAlternateFileName="GLOBSE~1.JS")) returned 0 [0033.317] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e78 | out: hHeap=0x6d0000) returned 1 [0033.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d98 | out: hHeap=0x6d0000) returned 1 [0033.317] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="Security", cAlternateFileName="")) returned 1 [0033.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d00 [0033.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5d98 [0033.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d00 | out: hHeap=0x6d0000) returned 1 [0033.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5e78 [0033.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.317] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="..", cAlternateFileName="")) returned 1 [0033.317] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda8cdc00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8f3d60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x1517, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="addressbook.acrodata", cAlternateFileName="ADDRES~1.ACR")) returned 1 [0033.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5f20 [0033.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5fc8 [0033.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f20 | out: hHeap=0x6d0000) returned 1 [0033.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.318] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1517, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1517, lpOverlapped=0x0) returned 1 [0033.320] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.320] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1517, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1517, lpOverlapped=0x0) returned 1 [0033.320] CloseHandle (hObject=0x4c) returned 1 [0033.320] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e60c0 [0033.320] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata.adv")) returned 1 [0033.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c0 | out: hHeap=0x6d0000) returned 1 [0033.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc8 | out: hHeap=0x6d0000) returned 1 [0033.321] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="CRLCache", cAlternateFileName="")) returned 1 [0033.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5f20 [0033.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5fc8 [0033.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f20 | out: hHeap=0x6d0000) returned 1 [0033.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e60c0 [0033.321] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaf, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0033.321] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaf, cFileName="..", cAlternateFileName="")) returned 1 [0033.321] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda5adf20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefc97c0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0xaf, cFileName="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", cAlternateFileName="48B764~1.CRL")) returned 1 [0033.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e6178 [0033.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e6230 [0033.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6178 | out: hHeap=0x6d0000) returned 1 [0033.321] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.322] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3a5, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x3a5, lpOverlapped=0x0) returned 1 [0033.323] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.323] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3a5, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x3a5, lpOverlapped=0x0) returned 1 [0033.323] CloseHandle (hObject=0x50) returned 1 [0033.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e6340 [0033.324] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl.adv")) returned 1 [0033.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6340 | out: hHeap=0x6d0000) returned 1 [0033.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6230 | out: hHeap=0x6d0000) returned 1 [0033.325] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefa3660, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x9347, dwReserved0=0x0, dwReserved1=0xaf, cFileName="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cAlternateFileName="A9B821~1.CRL")) returned 1 [0033.325] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e6178 [0033.325] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e6230 [0033.325] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6178 | out: hHeap=0x6d0000) returned 1 [0033.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.325] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9347, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x9347, lpOverlapped=0x0) returned 1 [0033.328] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.328] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9347, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x9347, lpOverlapped=0x0) returned 1 [0033.328] CloseHandle (hObject=0x50) returned 1 [0033.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e6340 [0033.328] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl.adv")) returned 1 [0033.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6340 | out: hHeap=0x6d0000) returned 1 [0033.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6230 | out: hHeap=0x6d0000) returned 1 [0033.329] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefa3660, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x9347, dwReserved0=0x0, dwReserved1=0xaf, cFileName="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cAlternateFileName="A9B821~1.CRL")) returned 0 [0033.329] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0033.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c0 | out: hHeap=0x6d0000) returned 1 [0033.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc8 | out: hHeap=0x6d0000) returned 1 [0033.329] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xec7c9cd0, cFileName="CRLCache", cAlternateFileName="")) returned 0 [0033.329] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e78 | out: hHeap=0x6d0000) returned 1 [0033.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d98 | out: hHeap=0x6d0000) returned 1 [0033.329] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd708940, cFileName="Security", cAlternateFileName="")) returned 0 [0033.329] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c68 | out: hHeap=0x6d0000) returned 1 [0033.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ba0 | out: hHeap=0x6d0000) returned 1 [0033.329] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="10.0", cAlternateFileName="")) returned 0 [0033.329] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a90 | out: hHeap=0x6d0000) returned 1 [0033.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59e0 | out: hHeap=0x6d0000) returned 1 [0033.329] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5968 [0033.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e59e0 [0033.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5968 | out: hHeap=0x6d0000) returned 1 [0033.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a90 [0033.329] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.330] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0033.330] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="AssetCache", cAlternateFileName="ASSETC~1")) returned 1 [0033.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5b28 [0033.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5bc0 [0033.330] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b28 | out: hHeap=0x6d0000) returned 1 [0033.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ca0 [0033.330] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.330] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0033.330] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="D5NTRC6R", cAlternateFileName="")) returned 1 [0033.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d48 [0033.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5df0 [0033.330] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d48 | out: hHeap=0x6d0000) returned 1 [0033.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5ee8 [0033.330] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x1d40bff0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.331] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x1d40bff0, cFileName="..", cAlternateFileName="")) returned 1 [0033.331] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x1d40bff0, cFileName="..", cAlternateFileName="")) returned 0 [0033.332] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee8 | out: hHeap=0x6d0000) returned 1 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5df0 | out: hHeap=0x6d0000) returned 1 [0033.332] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="D5NTRC6R", cAlternateFileName="")) returned 0 [0033.332] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ca0 | out: hHeap=0x6d0000) returned 1 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5bc0 | out: hHeap=0x6d0000) returned 1 [0033.332] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="AssetCache", cAlternateFileName="ASSETC~1")) returned 0 [0033.332] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a90 | out: hHeap=0x6d0000) returned 1 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59e0 | out: hHeap=0x6d0000) returned 1 [0033.332] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="Headlights", cAlternateFileName="HEADLI~1")) returned 1 [0033.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5968 [0033.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e59e0 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5968 | out: hHeap=0x6d0000) returned 1 [0033.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5a90 [0033.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5b18 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a90 | out: hHeap=0x6d0000) returned 1 [0033.332] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.332] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0033.332] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 0 [0033.332] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b18 | out: hHeap=0x6d0000) returned 1 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59e0 | out: hHeap=0x6d0000) returned 1 [0033.332] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0033.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5968 [0033.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e59e0 [0033.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5968 | out: hHeap=0x6d0000) returned 1 [0033.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5a90 [0033.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5b18 [0033.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a90 | out: hHeap=0x6d0000) returned 1 [0033.333] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.333] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0033.333] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0033.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5a90 [0033.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5be0 [0033.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a90 | out: hHeap=0x6d0000) returned 1 [0033.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ca8 [0033.333] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.333] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0033.333] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 0 [0033.333] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ca8 | out: hHeap=0x6d0000) returned 1 [0033.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5be0 | out: hHeap=0x6d0000) returned 1 [0033.333] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 0 [0033.333] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b18 | out: hHeap=0x6d0000) returned 1 [0033.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59e0 | out: hHeap=0x6d0000) returned 1 [0033.333] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="LogTransport2", cAlternateFileName="LOGTRA~1")) returned 1 [0033.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e5968 [0033.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e59e0 [0033.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5968 | out: hHeap=0x6d0000) returned 1 [0033.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a90 [0033.334] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.334] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 1 [0033.334] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xcd72eaa0, cFileName="..", cAlternateFileName="")) returned 0 [0033.334] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a90 | out: hHeap=0x6d0000) returned 1 [0033.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59e0 | out: hHeap=0x6d0000) returned 1 [0033.334] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="LogTransport2", cAlternateFileName="LOGTRA~1")) returned 0 [0033.334] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0033.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.334] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf4f8d790, ftCreationTime.dwHighDateTime=0x1d5b716, ftLastAccessTime.dwLowDateTime=0x41942fe0, ftLastAccessTime.dwHighDateTime=0x1d5bae7, ftLastWriteTime.dwLowDateTime=0x41942fe0, ftLastWriteTime.dwHighDateTime=0x1d5bae7, nFileSizeHigh=0x0, nFileSizeLow=0xf221, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="bn K8USjM2.ods", cAlternateFileName="BNK8US~1.ODS")) returned 1 [0033.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bn K8USjM2.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bn k8usjm2.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.334] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf221, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xf221, lpOverlapped=0x0) returned 1 [0033.335] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.335] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf221, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xf221, lpOverlapped=0x0) returned 1 [0033.336] CloseHandle (hObject=0x3c) returned 1 [0033.336] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e58f0 [0033.336] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bn K8USjM2.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bn k8usjm2.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bn K8USjM2.ods.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bn k8usjm2.ods.adv")) returned 1 [0033.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.337] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6743b4a0, ftCreationTime.dwHighDateTime=0x1d5be4c, ftLastAccessTime.dwLowDateTime=0x45057d70, ftLastAccessTime.dwHighDateTime=0x1d5c0bc, ftLastWriteTime.dwLowDateTime=0x45057d70, ftLastWriteTime.dwHighDateTime=0x1d5c0bc, nFileSizeHigh=0x0, nFileSizeLow=0x156fc, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="bn2zVVu.avi", cAlternateFileName="")) returned 1 [0033.337] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.337] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.337] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bn2zVVu.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bn2zvvu.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.337] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x156fc, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x156fc, lpOverlapped=0x0) returned 1 [0033.338] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.338] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x156fc, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x156fc, lpOverlapped=0x0) returned 1 [0033.338] CloseHandle (hObject=0x3c) returned 1 [0033.338] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.338] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bn2zVVu.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bn2zvvu.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bn2zVVu.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bn2zvvu.avi.adv")) returned 1 [0033.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.339] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5aada1d0, ftCreationTime.dwHighDateTime=0x1d5b599, ftLastAccessTime.dwLowDateTime=0x1cb64dc0, ftLastAccessTime.dwHighDateTime=0x1d5bfab, ftLastWriteTime.dwLowDateTime=0x1cb64dc0, ftLastWriteTime.dwHighDateTime=0x1d5bfab, nFileSizeHigh=0x0, nFileSizeLow=0xbfaf, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="DkNM Gj.ods", cAlternateFileName="DKNMGJ~1.ODS")) returned 1 [0033.339] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.339] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DkNM Gj.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dknm gj.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.339] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbfaf, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xbfaf, lpOverlapped=0x0) returned 1 [0033.341] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.341] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbfaf, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xbfaf, lpOverlapped=0x0) returned 1 [0033.341] CloseHandle (hObject=0x3c) returned 1 [0033.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.341] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DkNM Gj.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dknm gj.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DkNM Gj.ods.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dknm gj.ods.adv")) returned 1 [0033.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.342] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x754665b0, ftCreationTime.dwHighDateTime=0x1d5b5ba, ftLastAccessTime.dwLowDateTime=0x46f0e9a0, ftLastAccessTime.dwHighDateTime=0x1d5b930, ftLastWriteTime.dwLowDateTime=0x46f0e9a0, ftLastWriteTime.dwHighDateTime=0x1d5b930, nFileSizeHigh=0x0, nFileSizeLow=0x5a94, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="DkUi.gif", cAlternateFileName="")) returned 1 [0033.342] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.342] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DkUi.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dkui.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.342] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5a94, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x5a94, lpOverlapped=0x0) returned 1 [0033.343] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.343] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5a94, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x5a94, lpOverlapped=0x0) returned 1 [0033.343] CloseHandle (hObject=0x3c) returned 1 [0033.343] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.343] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DkUi.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dkui.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DkUi.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dkui.gif.adv")) returned 1 [0033.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.344] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e956a0, ftCreationTime.dwHighDateTime=0x1d5b72e, ftLastAccessTime.dwLowDateTime=0x8a54eca0, ftLastAccessTime.dwHighDateTime=0x1d5c3c6, ftLastWriteTime.dwLowDateTime=0x8a54eca0, ftLastWriteTime.dwHighDateTime=0x1d5c3c6, nFileSizeHigh=0x0, nFileSizeLow=0x1090f, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="eZfj.jpg", cAlternateFileName="")) returned 1 [0033.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eZfj.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ezfj.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.345] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1090f, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1090f, lpOverlapped=0x0) returned 1 [0033.346] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.346] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1090f, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1090f, lpOverlapped=0x0) returned 1 [0033.346] CloseHandle (hObject=0x3c) returned 1 [0033.346] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.346] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eZfj.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ezfj.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eZfj.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ezfj.jpg.adv")) returned 1 [0033.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.347] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82e40, ftCreationTime.dwHighDateTime=0x1d5c4f7, ftLastAccessTime.dwLowDateTime=0x62162510, ftLastAccessTime.dwHighDateTime=0x1d5c15f, ftLastWriteTime.dwLowDateTime=0x62162510, ftLastWriteTime.dwHighDateTime=0x1d5c15f, nFileSizeHigh=0x0, nFileSizeLow=0x12daa, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="fFWyPnXXSkN.m4a", cAlternateFileName="FFWYPN~1.M4A")) returned 1 [0033.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fFWyPnXXSkN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ffwypnxxskn.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.347] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12daa, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x12daa, lpOverlapped=0x0) returned 1 [0033.348] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.348] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12daa, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x12daa, lpOverlapped=0x0) returned 1 [0033.348] CloseHandle (hObject=0x3c) returned 1 [0033.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e58f0 [0033.349] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fFWyPnXXSkN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ffwypnxxskn.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fFWyPnXXSkN.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ffwypnxxskn.m4a.adv")) returned 1 [0033.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.349] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8357d090, ftCreationTime.dwHighDateTime=0x1d5bd3e, ftLastAccessTime.dwLowDateTime=0x1cc63f60, ftLastAccessTime.dwHighDateTime=0x1d5bfc3, ftLastWriteTime.dwLowDateTime=0x1cc63f60, ftLastWriteTime.dwHighDateTime=0x1d5bfc3, nFileSizeHigh=0x0, nFileSizeLow=0x10aa7, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="ghXQE5VKi9UTmTwgh.rtf", cAlternateFileName="GHXQE5~1.RTF")) returned 1 [0033.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5858 [0033.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ghXQE5VKi9UTmTwgh.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ghxqe5vki9utmtwgh.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.350] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10aa7, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x10aa7, lpOverlapped=0x0) returned 1 [0033.351] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.351] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10aa7, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x10aa7, lpOverlapped=0x0) returned 1 [0033.351] CloseHandle (hObject=0x3c) returned 1 [0033.351] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e58f0 [0033.351] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ghXQE5VKi9UTmTwgh.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ghxqe5vki9utmtwgh.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ghXQE5VKi9UTmTwgh.rtf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ghxqe5vki9utmtwgh.rtf.adv")) returned 1 [0033.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.352] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd649d3d0, ftCreationTime.dwHighDateTime=0x1d5b7d4, ftLastAccessTime.dwLowDateTime=0xc5074db0, ftLastAccessTime.dwHighDateTime=0x1d5c35e, ftLastWriteTime.dwLowDateTime=0xc5074db0, ftLastWriteTime.dwHighDateTime=0x1d5c35e, nFileSizeHigh=0x0, nFileSizeLow=0x8ba9, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="GI0Fotbp3 6_Et.mkv", cAlternateFileName="GI0FOT~1.MKV")) returned 1 [0033.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5858 [0033.352] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\GI0Fotbp3 6_Et.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gi0fotbp3 6_et.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.352] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8ba9, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x8ba9, lpOverlapped=0x0) returned 1 [0033.353] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.353] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8ba9, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x8ba9, lpOverlapped=0x0) returned 1 [0033.354] CloseHandle (hObject=0x3c) returned 1 [0033.354] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e58f0 [0033.354] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\GI0Fotbp3 6_Et.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gi0fotbp3 6_et.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\GI0Fotbp3 6_Et.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gi0fotbp3 6_et.mkv.adv")) returned 1 [0033.354] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.354] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.354] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74765c90, ftCreationTime.dwHighDateTime=0x1d5ba7d, ftLastAccessTime.dwLowDateTime=0x40089310, ftLastAccessTime.dwHighDateTime=0x1d5bc35, ftLastWriteTime.dwLowDateTime=0x40089310, ftLastWriteTime.dwHighDateTime=0x1d5bc35, nFileSizeHigh=0x0, nFileSizeLow=0x101a4, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="hizpxN.mp4", cAlternateFileName="")) returned 1 [0033.354] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.354] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.354] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\hizpxN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hizpxn.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.355] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x101a4, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x101a4, lpOverlapped=0x0) returned 1 [0033.356] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.356] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x101a4, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x101a4, lpOverlapped=0x0) returned 1 [0033.356] CloseHandle (hObject=0x3c) returned 1 [0033.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.356] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\hizpxN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hizpxn.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\hizpxN.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hizpxn.mp4.adv")) returned 1 [0033.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.357] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x23b6e7e0, ftCreationTime.dwHighDateTime=0x1d5b76f, ftLastAccessTime.dwLowDateTime=0x35a6c170, ftLastAccessTime.dwHighDateTime=0x1d5bcae, ftLastWriteTime.dwLowDateTime=0x35a6c170, ftLastWriteTime.dwHighDateTime=0x1d5bcae, nFileSizeHigh=0x0, nFileSizeLow=0x1fc7, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="i-eH QgphqkG.png", cAlternateFileName="I-EHQG~1.PNG")) returned 1 [0033.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i-eH QgphqkG.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i-eh qgphqkg.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.357] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1fc7, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1fc7, lpOverlapped=0x0) returned 1 [0033.358] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.358] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1fc7, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1fc7, lpOverlapped=0x0) returned 1 [0033.358] CloseHandle (hObject=0x3c) returned 1 [0033.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e58f0 [0033.358] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i-eH QgphqkG.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i-eh qgphqkg.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i-eH QgphqkG.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i-eh qgphqkg.png.adv")) returned 1 [0033.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.359] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7939150, ftCreationTime.dwHighDateTime=0x1d5b988, ftLastAccessTime.dwLowDateTime=0xbbc84570, ftLastAccessTime.dwHighDateTime=0x1d5b787, ftLastWriteTime.dwLowDateTime=0xbbc84570, ftLastWriteTime.dwHighDateTime=0x1d5b787, nFileSizeHigh=0x0, nFileSizeLow=0x122fd, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="i-t7S8dNyuaF8hazm8d.ppt", cAlternateFileName="I-T7S8~1.PPT")) returned 1 [0033.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5858 [0033.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i-t7S8dNyuaF8hazm8d.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i-t7s8dnyuaf8hazm8d.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.359] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x122fd, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x122fd, lpOverlapped=0x0) returned 1 [0033.361] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.361] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x122fd, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x122fd, lpOverlapped=0x0) returned 1 [0033.361] CloseHandle (hObject=0x3c) returned 1 [0033.361] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e58f0 [0033.361] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i-t7S8dNyuaF8hazm8d.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i-t7s8dnyuaf8hazm8d.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i-t7S8dNyuaF8hazm8d.ppt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i-t7s8dnyuaf8hazm8d.ppt.adv")) returned 1 [0033.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.364] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0033.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.364] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0033.364] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="..", cAlternateFileName="")) returned 1 [0033.364] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0033.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5978 [0033.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5a00 [0033.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5978 | out: hHeap=0x6d0000) returned 1 [0033.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ac8 [0033.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5b90 [0033.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.365] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.365] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.365] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 0 [0033.365] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a00 | out: hHeap=0x6d0000) returned 1 [0033.365] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b5, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0033.365] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0033.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.365] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8bc07810, ftCreationTime.dwHighDateTime=0x1d5b724, ftLastAccessTime.dwLowDateTime=0x6cf957f0, ftLastAccessTime.dwHighDateTime=0x1d5c2e4, ftLastWriteTime.dwLowDateTime=0x6cf957f0, ftLastWriteTime.dwHighDateTime=0x1d5c2e4, nFileSizeHigh=0x0, nFileSizeLow=0x1ff2, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="JiLw9_.flv", cAlternateFileName="")) returned 1 [0033.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JiLw9_.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jilw9_.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.365] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1ff2, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1ff2, lpOverlapped=0x0) returned 1 [0033.366] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.366] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1ff2, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1ff2, lpOverlapped=0x0) returned 1 [0033.366] CloseHandle (hObject=0x3c) returned 1 [0033.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.366] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JiLw9_.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jilw9_.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\JiLw9_.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jilw9_.flv.adv")) returned 1 [0033.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.367] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3c2a770, ftCreationTime.dwHighDateTime=0x1d5b9bb, ftLastAccessTime.dwLowDateTime=0x3bd76140, ftLastAccessTime.dwHighDateTime=0x1d5b5fa, ftLastWriteTime.dwLowDateTime=0x3bd76140, ftLastWriteTime.dwHighDateTime=0x1d5b5fa, nFileSizeHigh=0x0, nFileSizeLow=0xc5d7, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="jiwVxqQtj.png", cAlternateFileName="JIWVXQ~1.PNG")) returned 1 [0033.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jiwVxqQtj.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jiwvxqqtj.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.367] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc5d7, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xc5d7, lpOverlapped=0x0) returned 1 [0033.368] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.368] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc5d7, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xc5d7, lpOverlapped=0x0) returned 1 [0033.369] CloseHandle (hObject=0x3c) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.369] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jiwVxqQtj.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jiwvxqqtj.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jiwVxqQtj.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jiwvxqqtj.png.adv")) returned 1 [0033.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.369] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad1fb530, ftCreationTime.dwHighDateTime=0x1d5b97b, ftLastAccessTime.dwLowDateTime=0xe2866fe0, ftLastAccessTime.dwHighDateTime=0x1d5c022, ftLastWriteTime.dwLowDateTime=0xe2866fe0, ftLastWriteTime.dwHighDateTime=0x1d5c022, nFileSizeHigh=0x0, nFileSizeLow=0x12095, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="jrHovbdUUedPxgPAV.mkv", cAlternateFileName="JRHOVB~1.MKV")) returned 1 [0033.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5858 [0033.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jrHovbdUUedPxgPAV.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jrhovbduuedpxgpav.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.370] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12095, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x12095, lpOverlapped=0x0) returned 1 [0033.371] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.371] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12095, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x12095, lpOverlapped=0x0) returned 1 [0033.372] CloseHandle (hObject=0x3c) returned 1 [0033.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e58f0 [0033.372] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jrHovbdUUedPxgPAV.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jrhovbduuedpxgpav.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jrHovbdUUedPxgPAV.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jrhovbduuedpxgpav.mkv.adv")) returned 1 [0033.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.373] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4c247ad0, ftCreationTime.dwHighDateTime=0x1d5c1dd, ftLastAccessTime.dwLowDateTime=0xf3eb9be0, ftLastAccessTime.dwHighDateTime=0x1d5bf9e, ftLastWriteTime.dwLowDateTime=0xf3eb9be0, ftLastWriteTime.dwHighDateTime=0x1d5bf9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb7f, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="l4VrUPJ7uo.mkv", cAlternateFileName="L4VRUP~1.MKV")) returned 1 [0033.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l4VrUPJ7uo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l4vrupj7uo.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.373] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xeb7f, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xeb7f, lpOverlapped=0x0) returned 1 [0033.374] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.374] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xeb7f, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xeb7f, lpOverlapped=0x0) returned 1 [0033.374] CloseHandle (hObject=0x3c) returned 1 [0033.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e58f0 [0033.374] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l4VrUPJ7uo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l4vrupj7uo.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l4VrUPJ7uo.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l4vrupj7uo.mkv.adv")) returned 1 [0033.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.375] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x47721f50, ftCreationTime.dwHighDateTime=0x1d5c3eb, ftLastAccessTime.dwLowDateTime=0xbbab9e80, ftLastAccessTime.dwHighDateTime=0x1d5b6ff, ftLastWriteTime.dwLowDateTime=0xbbab9e80, ftLastWriteTime.dwHighDateTime=0x1d5b6ff, nFileSizeHigh=0x0, nFileSizeLow=0x14c53, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="LnMksIp0R.png", cAlternateFileName="LNMKSI~1.PNG")) returned 1 [0033.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LnMksIp0R.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lnmksip0r.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.376] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14c53, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x14c53, lpOverlapped=0x0) returned 1 [0033.377] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.377] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14c53, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x14c53, lpOverlapped=0x0) returned 1 [0033.377] CloseHandle (hObject=0x3c) returned 1 [0033.377] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.377] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LnMksIp0R.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lnmksip0r.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LnMksIp0R.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lnmksip0r.png.adv")) returned 1 [0033.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.378] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x214baf10, ftCreationTime.dwHighDateTime=0x1d5c3b6, ftLastAccessTime.dwLowDateTime=0x223f7fd0, ftLastAccessTime.dwHighDateTime=0x1d5c304, ftLastWriteTime.dwLowDateTime=0x223f7fd0, ftLastWriteTime.dwHighDateTime=0x1d5c304, nFileSizeHigh=0x0, nFileSizeLow=0x45cd, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="m n3Gjz823swFH3R.rtf", cAlternateFileName="MN3GJZ~1.RTF")) returned 1 [0033.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5858 [0033.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\m n3Gjz823swFH3R.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\m n3gjz823swfh3r.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0033.378] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x45cd, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x45cd, lpOverlapped=0x0) returned 1 [0033.379] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.379] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x45cd, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x45cd, lpOverlapped=0x0) returned 1 [0033.379] CloseHandle (hObject=0x3c) returned 1 [0033.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e58f0 [0033.379] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\m n3Gjz823swFH3R.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\m n3gjz823swfh3r.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\m n3Gjz823swFH3R.rtf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\m n3gjz823swfh3r.rtf.adv")) returned 1 [0033.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.380] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Macromedia", cAlternateFileName="MACROM~1")) returned 1 [0033.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e58f0 [0033.380] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0033.380] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="..", cAlternateFileName="")) returned 1 [0033.380] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0033.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5978 [0033.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5a00 [0033.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5978 | out: hHeap=0x6d0000) returned 1 [0033.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5ac8 [0033.381] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6b695060, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.381] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6b695060, cFileName="..", cAlternateFileName="")) returned 1 [0033.381] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6b695060, cFileName="#SharedObjects", cAlternateFileName="#SHARE~1")) returned 1 [0033.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5b60 [0033.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5bf8 [0033.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b60 | out: hHeap=0x6d0000) returned 1 [0033.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5cd8 [0033.381] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x1d4582b0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.385] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x1d4582b0, cFileName="..", cAlternateFileName="")) returned 1 [0033.385] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x1d4582b0, cFileName="P7Y3F7QB", cAlternateFileName="")) returned 1 [0033.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d90 [0033.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5e48 [0033.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d90 | out: hHeap=0x6d0000) returned 1 [0033.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5f58 [0033.385] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d4582b0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.386] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d4582b0, cFileName="..", cAlternateFileName="")) returned 1 [0033.386] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d35d06, dwReserved1=0x1d4582b0, cFileName="..", cAlternateFileName="")) returned 0 [0033.386] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f58 | out: hHeap=0x6d0000) returned 1 [0033.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e48 | out: hHeap=0x6d0000) returned 1 [0033.386] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x1d4582b0, cFileName="P7Y3F7QB", cAlternateFileName="")) returned 0 [0033.386] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5cd8 | out: hHeap=0x6d0000) returned 1 [0033.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5bf8 | out: hHeap=0x6d0000) returned 1 [0033.386] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6b695060, cFileName="macromedia.com", cAlternateFileName="MACROM~1.COM")) returned 1 [0033.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5b60 [0033.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5bf8 [0033.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b60 | out: hHeap=0x6d0000) returned 1 [0033.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5cd8 [0033.386] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x1d4582b0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.386] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x1d4582b0, cFileName="..", cAlternateFileName="")) returned 1 [0033.386] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x1d4582b0, cFileName="support", cAlternateFileName="")) returned 1 [0033.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d90 [0033.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5e48 [0033.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d90 | out: hHeap=0x6d0000) returned 1 [0033.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5f58 [0033.387] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d241020, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.387] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d241020, cFileName="..", cAlternateFileName="")) returned 1 [0033.387] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d241020, cFileName="flashplayer", cAlternateFileName="FLASHP~1")) returned 1 [0033.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e6020 [0033.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60e8 [0033.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6020 | out: hHeap=0x6d0000) returned 1 [0033.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6210 [0033.387] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d9d7640, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0033.387] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d9d7640, cFileName="..", cAlternateFileName="")) returned 1 [0033.387] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d9d7640, cFileName="sys", cAlternateFileName="")) returned 1 [0033.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62f8 [0033.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e63e0 [0033.387] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d9d7640, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0033.388] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d9d7640, cFileName="..", cAlternateFileName="")) returned 1 [0033.388] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x1d2dda5, dwReserved1=0x6d9d7640, cFileName="settings.sol", cAlternateFileName="")) returned 1 [0033.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e64c8 [0033.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e65b0 [0033.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e64c8 | out: hHeap=0x6d0000) returned 1 [0033.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0033.389] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d6, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x1d6, lpOverlapped=0x0) returned 1 [0033.389] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.390] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d6, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x1d6, lpOverlapped=0x0) returned 1 [0033.390] CloseHandle (hObject=0x54) returned 1 [0033.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6ee8b0 [0033.390] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.adv")) returned 1 [0033.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee8b0 | out: hHeap=0x6d0000) returned 1 [0033.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e65b0 | out: hHeap=0x6d0000) returned 1 [0033.390] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x1d2dda5, dwReserved1=0x6d9d7640, cFileName="settings.sol", cAlternateFileName="")) returned 0 [0033.390] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63e0 | out: hHeap=0x6d0000) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62f8 | out: hHeap=0x6d0000) returned 1 [0033.391] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d9d7640, cFileName="sys", cAlternateFileName="")) returned 0 [0033.391] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6210 | out: hHeap=0x6d0000) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60e8 | out: hHeap=0x6d0000) returned 1 [0033.391] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6d241020, cFileName="flashplayer", cAlternateFileName="FLASHP~1")) returned 0 [0033.391] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f58 | out: hHeap=0x6d0000) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e48 | out: hHeap=0x6d0000) returned 1 [0033.391] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x1d4582b0, cFileName="support", cAlternateFileName="")) returned 0 [0033.391] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5cd8 | out: hHeap=0x6d0000) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5bf8 | out: hHeap=0x6d0000) returned 1 [0033.391] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda5, dwReserved1=0x6b695060, cFileName="macromedia.com", cAlternateFileName="MACROM~1.COM")) returned 0 [0033.391] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a00 | out: hHeap=0x6d0000) returned 1 [0033.391] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 0 [0033.391] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0033.391] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0033.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e57f0 [0033.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e5858 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0033.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5968 [0033.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.391] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0033.392] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="..", cAlternateFileName="")) returned 1 [0033.392] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="AddIns", cAlternateFileName="")) returned 1 [0033.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.392] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5ac8 [0033.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5b50 [0033.392] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.392] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.393] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.393] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.393] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b50 | out: hHeap=0x6d0000) returned 1 [0033.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.393] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0033.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5ac8 [0033.393] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.393] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.393] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.393] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.393] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Crypto", cAlternateFileName="")) returned 1 [0033.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5ac8 [0033.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5b50 [0033.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.394] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.394] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.394] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="RSA", cAlternateFileName="")) returned 1 [0033.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5ac8 [0033.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5c18 [0033.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5ce0 [0033.394] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.394] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.394] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0033.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5d78 [0033.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5e10 [0033.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d78 | out: hHeap=0x6d0000) returned 1 [0033.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5f08 [0033.394] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x681f1360, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.396] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x681f1360, cFileName="..", cAlternateFileName="")) returned 1 [0033.396] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xa1e34990, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d, dwReserved0=0x1d2dd9c, dwReserved1=0x681f1360, cFileName="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="83AA4C~1")) returned 1 [0033.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e6000 [0033.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x170) returned 0x6e60f8 [0033.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6000 | out: hHeap=0x6d0000) returned 1 [0033.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.397] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x2d, lpOverlapped=0x0) returned 1 [0033.397] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.397] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x2d, lpOverlapped=0x0) returned 1 [0033.398] CloseHandle (hObject=0x4c) returned 1 [0033.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x180) returned 0x6e6270 [0033.398] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv")) returned 1 [0033.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6270 | out: hHeap=0x6d0000) returned 1 [0033.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60f8 | out: hHeap=0x6d0000) returned 1 [0033.398] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x57, dwReserved0=0x1d2dd9c, dwReserved1=0x681f1360, cFileName="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="932A2D~1")) returned 1 [0033.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e6000 [0033.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x170) returned 0x6e60f8 [0033.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6000 | out: hHeap=0x6d0000) returned 1 [0033.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.399] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x57, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x57, lpOverlapped=0x0) returned 1 [0033.400] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.400] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x57, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x57, lpOverlapped=0x0) returned 1 [0033.400] CloseHandle (hObject=0x4c) returned 1 [0033.400] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x180) returned 0x6e6270 [0033.400] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv")) returned 1 [0033.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6270 | out: hHeap=0x6d0000) returned 1 [0033.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60f8 | out: hHeap=0x6d0000) returned 1 [0033.401] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0aa1fc0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d, dwReserved0=0x1d2dd9c, dwReserved1=0x681f1360, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="FDA992~1")) returned 1 [0033.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e6000 [0033.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x170) returned 0x6e60f8 [0033.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6000 | out: hHeap=0x6d0000) returned 1 [0033.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.401] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x3d, lpOverlapped=0x0) returned 1 [0033.402] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.402] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x3d, lpOverlapped=0x0) returned 1 [0033.403] CloseHandle (hObject=0x4c) returned 1 [0033.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x180) returned 0x6e6270 [0033.403] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv")) returned 1 [0033.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6270 | out: hHeap=0x6d0000) returned 1 [0033.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60f8 | out: hHeap=0x6d0000) returned 1 [0033.403] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0aa1fc0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d, dwReserved0=0x1d2dd9c, dwReserved1=0x681f1360, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="FDA992~1")) returned 0 [0033.403] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f08 | out: hHeap=0x6d0000) returned 1 [0033.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e10 | out: hHeap=0x6d0000) returned 1 [0033.403] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0033.404] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ce0 | out: hHeap=0x6d0000) returned 1 [0033.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c18 | out: hHeap=0x6d0000) returned 1 [0033.404] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="RSA", cAlternateFileName="")) returned 0 [0033.404] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b50 | out: hHeap=0x6d0000) returned 1 [0033.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.404] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0033.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5ac8 [0033.404] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.404] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.404] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="1033", cAlternateFileName="")) returned 1 [0033.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b80 [0033.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c38 [0033.404] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x4f766d30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.405] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x4f766d30, cFileName="..", cAlternateFileName="")) returned 1 [0033.405] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x4f766d30, cFileName="14", cAlternateFileName="")) returned 1 [0033.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5cf0 [0033.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5da8 [0033.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5cf0 | out: hHeap=0x6d0000) returned 1 [0033.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5eb8 [0033.405] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x4f766d30, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.405] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x4f766d30, cFileName="..", cAlternateFileName="")) returned 1 [0033.405] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4e2b7e00, ftLastWriteTime.dwHighDateTime=0x1ca911e, nFileSizeHigh=0x0, nFileSizeLow=0x3fe4ab, dwReserved0=0x1d2dda4, dwReserved1=0x4f766d30, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0033.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5f80 [0033.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e6048 [0033.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f80 | out: hHeap=0x6d0000) returned 1 [0033.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.405] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fe4ab, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x3fe4ab, lpOverlapped=0x0) returned 1 [0033.472] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.472] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fe4ab, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x3fe4ab, lpOverlapped=0x0) returned 1 [0033.510] CloseHandle (hObject=0x4c) returned 1 [0033.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e6170 [0033.510] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx.adv")) returned 1 [0033.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6170 | out: hHeap=0x6d0000) returned 1 [0033.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6048 | out: hHeap=0x6d0000) returned 1 [0033.511] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4e2b7e00, ftLastWriteTime.dwHighDateTime=0x1ca911e, nFileSizeHigh=0x0, nFileSizeLow=0x3fe4ab, dwReserved0=0x1d2dda4, dwReserved1=0x4f766d30, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 0 [0033.511] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5da8 | out: hHeap=0x6d0000) returned 1 [0033.511] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x4f766d30, cFileName="14", cAlternateFileName="")) returned 0 [0033.511] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c38 | out: hHeap=0x6d0000) returned 1 [0033.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b80 | out: hHeap=0x6d0000) returned 1 [0033.511] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="1033", cAlternateFileName="")) returned 0 [0033.511] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.511] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Excel", cAlternateFileName="")) returned 1 [0033.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5ac8 [0033.511] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.512] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.512] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0033.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5b50 [0033.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5bd8 [0033.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b50 | out: hHeap=0x6d0000) returned 1 [0033.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5ca0 [0033.512] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xd01394e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.512] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xd01394e0, cFileName="..", cAlternateFileName="")) returned 1 [0033.513] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xd01394e0, cFileName="..", cAlternateFileName="")) returned 0 [0033.513] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ca0 | out: hHeap=0x6d0000) returned 1 [0033.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5bd8 | out: hHeap=0x6d0000) returned 1 [0033.513] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0033.513] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.514] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.514] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.514] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="IME12", cAlternateFileName="")) returned 1 [0033.514] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.514] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.514] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.514] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5ac8 [0033.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.515] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.515] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.515] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.515] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0033.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5ac8 [0033.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5b50 [0033.515] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.515] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.515] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.515] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b50 | out: hHeap=0x6d0000) returned 1 [0033.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.516] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0033.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5ac8 [0033.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5b50 [0033.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.516] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.516] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.516] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b50 | out: hHeap=0x6d0000) returned 1 [0033.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.516] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0033.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e5ac8 [0033.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5b50 [0033.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.517] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.517] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.517] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b50 | out: hHeap=0x6d0000) returned 1 [0033.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.517] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0033.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e5a18 [0033.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac8 [0033.517] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.517] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.517] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0033.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5b70 [0033.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5c18 [0033.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b70 | out: hHeap=0x6d0000) returned 1 [0033.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d10 [0033.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5dc8 [0033.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d10 | out: hHeap=0x6d0000) returned 1 [0033.518] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.518] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="..", cAlternateFileName="")) returned 1 [0033.518] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4eb35ad0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0033.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d10 [0033.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5ed8 [0033.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d10 | out: hHeap=0x6d0000) returned 1 [0033.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.518] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xdd, lpOverlapped=0x0) returned 1 [0033.519] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.519] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xdd, lpOverlapped=0x0) returned 1 [0033.519] CloseHandle (hObject=0x48) returned 1 [0033.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5fe8 [0033.519] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.adv")) returned 1 [0033.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0033.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ed8 | out: hHeap=0x6d0000) returned 1 [0033.520] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df47e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df47e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a683760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x8e9, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0033.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d10 [0033.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5ed8 [0033.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d10 | out: hHeap=0x6d0000) returned 1 [0033.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.521] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8e9, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x8e9, lpOverlapped=0x0) returned 1 [0033.536] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.536] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8e9, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x8e9, lpOverlapped=0x0) returned 1 [0033.536] CloseHandle (hObject=0x48) returned 1 [0033.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5fe8 [0033.536] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk.adv")) returned 1 [0033.537] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0033.537] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ed8 | out: hHeap=0x6d0000) returned 1 [0033.537] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eb0f970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb0f970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4eb0f970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0033.537] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d10 [0033.537] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5ed8 [0033.537] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d10 | out: hHeap=0x6d0000) returned 1 [0033.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.538] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5a7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5a7, lpOverlapped=0x0) returned 1 [0033.540] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.540] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5a7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5a7, lpOverlapped=0x0) returned 1 [0033.540] CloseHandle (hObject=0x48) returned 1 [0033.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5fe8 [0033.540] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk.adv")) returned 1 [0033.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0033.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ed8 | out: hHeap=0x6d0000) returned 1 [0033.541] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0033.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d10 [0033.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5ed8 [0033.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d10 | out: hHeap=0x6d0000) returned 1 [0033.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.541] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x122, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x122, lpOverlapped=0x0) returned 1 [0033.542] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.542] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x122, lpOverlapped=0x0) returned 1 [0033.542] CloseHandle (hObject=0x48) returned 1 [0033.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5fe8 [0033.542] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.adv")) returned 1 [0033.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0033.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ed8 | out: hHeap=0x6d0000) returned 1 [0033.543] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0033.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d10 [0033.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5ed8 [0033.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d10 | out: hHeap=0x6d0000) returned 1 [0033.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5fe8 [0033.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc6, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.544] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc6, cFileName="..", cAlternateFileName="")) returned 1 [0033.544] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc6, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0033.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e60c0 [0033.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e6198 [0033.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60c0 | out: hHeap=0x6d0000) returned 1 [0033.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e62d8 [0033.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62d8 | out: hHeap=0x6d0000) returned 1 [0033.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0033.544] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.544] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 0 [0033.545] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0033.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63d0 | out: hHeap=0x6d0000) returned 1 [0033.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6198 | out: hHeap=0x6d0000) returned 1 [0033.545] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc6, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0033.545] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0033.545] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.545] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc4b320, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0033.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.545] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19c, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x19c, lpOverlapped=0x0) returned 1 [0033.546] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.546] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19c, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x19c, lpOverlapped=0x0) returned 1 [0033.546] CloseHandle (hObject=0x50) returned 1 [0033.546] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e6600 [0033.546] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.adv")) returned 1 [0033.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6600 | out: hHeap=0x6d0000) returned 1 [0033.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e64a8 | out: hHeap=0x6d0000) returned 1 [0033.547] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e02c640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7e02c640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df47e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8dd, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0033.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e63c0 [0033.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e64a8 [0033.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c0 | out: hHeap=0x6d0000) returned 1 [0033.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.548] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8dd, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x8dd, lpOverlapped=0x0) returned 1 [0033.548] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.549] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8dd, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x8dd, lpOverlapped=0x0) returned 1 [0033.549] CloseHandle (hObject=0x50) returned 1 [0033.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e6600 [0033.549] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk.adv")) returned 1 [0033.550] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6600 | out: hHeap=0x6d0000) returned 1 [0033.550] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e64a8 | out: hHeap=0x6d0000) returned 1 [0033.550] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc251c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc251c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0033.550] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e63c0 [0033.550] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e64a8 [0033.550] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c0 | out: hHeap=0x6d0000) returned 1 [0033.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.550] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5ad, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x5ad, lpOverlapped=0x0) returned 1 [0033.551] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.551] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5ad, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x5ad, lpOverlapped=0x0) returned 1 [0033.551] CloseHandle (hObject=0x50) returned 1 [0033.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e6600 [0033.551] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk.adv")) returned 1 [0033.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6600 | out: hHeap=0x6d0000) returned 1 [0033.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e64a8 | out: hHeap=0x6d0000) returned 1 [0033.552] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0033.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e63c0 [0033.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e64a8 [0033.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c0 | out: hHeap=0x6d0000) returned 1 [0033.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.553] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5a9, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x5a9, lpOverlapped=0x0) returned 1 [0033.554] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.554] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5a9, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x5a9, lpOverlapped=0x0) returned 1 [0033.555] CloseHandle (hObject=0x50) returned 1 [0033.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e6600 [0033.555] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.adv")) returned 1 [0033.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6600 | out: hHeap=0x6d0000) returned 1 [0033.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e64a8 | out: hHeap=0x6d0000) returned 1 [0033.556] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0de7e00, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x491, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0033.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e63c0 [0033.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e64a8 [0033.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c0 | out: hHeap=0x6d0000) returned 1 [0033.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.556] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x491, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x491, lpOverlapped=0x0) returned 1 [0033.557] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.557] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x491, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x491, lpOverlapped=0x0) returned 1 [0033.557] CloseHandle (hObject=0x50) returned 1 [0033.557] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e6600 [0033.557] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk.adv")) returned 1 [0033.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6600 | out: hHeap=0x6d0000) returned 1 [0033.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e64a8 | out: hHeap=0x6d0000) returned 1 [0033.558] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0033.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e63c0 [0033.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e64a8 [0033.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c0 | out: hHeap=0x6d0000) returned 1 [0033.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.559] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4cc, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0033.560] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.560] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4cc, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0033.560] CloseHandle (hObject=0x50) returned 1 [0033.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e6600 [0033.560] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk.adv")) returned 1 [0033.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6600 | out: hHeap=0x6d0000) returned 1 [0033.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e64a8 | out: hHeap=0x6d0000) returned 1 [0033.561] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0033.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0033.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f0998 [0033.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.562] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4cc, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0033.563] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.563] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4cc, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0033.563] CloseHandle (hObject=0x50) returned 1 [0033.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e63c0 [0033.563] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.adv")) returned 1 [0033.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c0 | out: hHeap=0x6d0000) returned 1 [0033.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0998 | out: hHeap=0x6d0000) returned 1 [0033.564] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0033.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0033.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f0998 [0033.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.565] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x60b, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x60b, lpOverlapped=0x0) returned 1 [0033.565] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.566] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x60b, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x60b, lpOverlapped=0x0) returned 1 [0033.566] CloseHandle (hObject=0x50) returned 1 [0033.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e63c0 [0033.566] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk.adv")) returned 1 [0033.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c0 | out: hHeap=0x6d0000) returned 1 [0033.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0998 | out: hHeap=0x6d0000) returned 1 [0033.567] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0033.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0033.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6f0998 [0033.567] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.568] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x60b, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x60b, lpOverlapped=0x0) returned 1 [0033.569] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.569] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x60b, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x60b, lpOverlapped=0x0) returned 1 [0033.569] CloseHandle (hObject=0x50) returned 1 [0033.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e63c0 [0033.569] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.adv")) returned 1 [0033.570] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c0 | out: hHeap=0x6d0000) returned 1 [0033.570] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0998 | out: hHeap=0x6d0000) returned 1 [0033.570] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0033.570] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0033.570] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62d8 | out: hHeap=0x6d0000) returned 1 [0033.570] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6198 | out: hHeap=0x6d0000) returned 1 [0033.570] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc6, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0033.571] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fe8 | out: hHeap=0x6d0000) returned 1 [0033.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ed8 | out: hHeap=0x6d0000) returned 1 [0033.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0033.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d10 [0033.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f08b0 [0033.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d10 | out: hHeap=0x6d0000) returned 1 [0033.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.571] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x110, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x110, lpOverlapped=0x0) returned 1 [0033.572] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.572] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x110, lpOverlapped=0x0) returned 1 [0033.572] CloseHandle (hObject=0x48) returned 1 [0033.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f09c0 [0033.572] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.adv")) returned 1 [0033.573] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09c0 | out: hHeap=0x6d0000) returned 1 [0033.573] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.573] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0033.573] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.573] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc8 | out: hHeap=0x6d0000) returned 1 [0033.573] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c18 | out: hHeap=0x6d0000) returned 1 [0033.573] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="UserData", cAlternateFileName="")) returned 1 [0033.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f08b0 [0033.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0958 [0033.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a50 [0033.574] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.574] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="..", cAlternateFileName="")) returned 1 [0033.574] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="Low", cAlternateFileName="")) returned 1 [0033.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0b08 [0033.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b70 [0033.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5c28 [0033.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b70 | out: hHeap=0x6d0000) returned 1 [0033.574] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b77470, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.574] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b77470, cFileName="..", cAlternateFileName="")) returned 1 [0033.574] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b77470, cFileName="65UX3YG0", cAlternateFileName="")) returned 1 [0033.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b70 [0033.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d38 [0033.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b70 | out: hHeap=0x6d0000) returned 1 [0033.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5e48 [0033.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5f10 [0033.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e48 | out: hHeap=0x6d0000) returned 1 [0033.575] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b9d5d0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0033.575] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b9d5d0, cFileName="..", cAlternateFileName="")) returned 1 [0033.575] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b9d5d0, cFileName="..", cAlternateFileName="")) returned 0 [0033.575] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0033.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f10 | out: hHeap=0x6d0000) returned 1 [0033.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.575] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b77470, cFileName="AY721QDR", cAlternateFileName="")) returned 1 [0033.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b70 [0033.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d38 [0033.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b70 | out: hHeap=0x6d0000) returned 1 [0033.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5e48 [0033.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5f10 [0033.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e48 | out: hHeap=0x6d0000) returned 1 [0033.575] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b9d5d0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0033.575] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b9d5d0, cFileName="..", cAlternateFileName="")) returned 1 [0033.575] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b9d5d0, cFileName="..", cAlternateFileName="")) returned 0 [0033.575] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0033.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f10 | out: hHeap=0x6d0000) returned 1 [0033.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.575] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b77470, cFileName="DZBKZBIC", cAlternateFileName="")) returned 1 [0033.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b70 [0033.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d38 [0033.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b70 | out: hHeap=0x6d0000) returned 1 [0033.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5e48 [0033.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5f10 [0033.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e48 | out: hHeap=0x6d0000) returned 1 [0033.576] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b9d5d0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0033.576] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b9d5d0, cFileName="..", cAlternateFileName="")) returned 1 [0033.576] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b9d5d0, cFileName="..", cAlternateFileName="")) returned 0 [0033.576] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0033.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f10 | out: hHeap=0x6d0000) returned 1 [0033.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.576] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x1d2dd9e, dwReserved1=0x54b77470, cFileName="index.dat", cAlternateFileName="")) returned 1 [0033.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b70 [0033.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d38 [0033.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b70 | out: hHeap=0x6d0000) returned 1 [0033.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.576] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x8000, lpOverlapped=0x0) returned 1 [0033.578] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.578] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x8000, lpOverlapped=0x0) returned 1 [0033.578] CloseHandle (hObject=0x4c) returned 1 [0033.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e48 [0033.578] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat.adv")) returned 1 [0033.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e48 | out: hHeap=0x6d0000) returned 1 [0033.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.579] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b77470, cFileName="VRLZOZ0E", cAlternateFileName="")) returned 1 [0033.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b70 [0033.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d38 [0033.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b70 | out: hHeap=0x6d0000) returned 1 [0033.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5e48 [0033.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5f10 [0033.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e48 | out: hHeap=0x6d0000) returned 1 [0033.579] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfe, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0033.579] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfe, cFileName="..", cAlternateFileName="")) returned 1 [0033.579] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfe, cFileName="..", cAlternateFileName="")) returned 0 [0033.579] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0033.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f10 | out: hHeap=0x6d0000) returned 1 [0033.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.579] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9e, dwReserved1=0x54b77470, cFileName="VRLZOZ0E", cAlternateFileName="")) returned 0 [0033.579] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c28 | out: hHeap=0x6d0000) returned 1 [0033.579] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b08 | out: hHeap=0x6d0000) returned 1 [0033.580] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x54b77470, cFileName="Low", cAlternateFileName="")) returned 0 [0033.580] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a50 | out: hHeap=0x6d0000) returned 1 [0033.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0958 | out: hHeap=0x6d0000) returned 1 [0033.580] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="UserData", cAlternateFileName="")) returned 0 [0033.580] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac8 | out: hHeap=0x6d0000) returned 1 [0033.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.580] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="MMC", cAlternateFileName="")) returned 1 [0033.580] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.580] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.580] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.580] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.580] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.580] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.580] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.581] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.581] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.581] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="MS Project", cAlternateFileName="MSPROJ~1")) returned 1 [0033.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.581] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0033.581] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.582] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.582] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="14", cAlternateFileName="")) returned 1 [0033.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0033.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a90 [0033.582] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d305fe, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.583] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d305fe, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.583] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d305fe, dwReserved1=0x8d940a0, cFileName="1033", cAlternateFileName="")) returned 1 [0033.583] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0b28 [0033.583] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5a18 [0033.583] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b28 | out: hHeap=0x6d0000) returned 1 [0033.583] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0b28 [0033.583] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d305fe, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.584] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d305fe, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.584] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xfee79d60, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x5f600, dwReserved0=0x1d305fe, dwReserved1=0x8d940a0, cFileName="Global.MPT", cAlternateFileName="")) returned 1 [0033.584] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5af8 [0033.584] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5ba0 [0033.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5af8 | out: hHeap=0x6d0000) returned 1 [0033.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.585] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5f600, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x5f600, lpOverlapped=0x0) returned 1 [0033.590] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.590] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5f600, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x5f600, lpOverlapped=0x0) returned 1 [0033.591] CloseHandle (hObject=0x4c) returned 1 [0033.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c98 [0033.591] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt.adv")) returned 1 [0033.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c98 | out: hHeap=0x6d0000) returned 1 [0033.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ba0 | out: hHeap=0x6d0000) returned 1 [0033.592] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xfee79d60, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x5f600, dwReserved0=0x1d305fe, dwReserved1=0x8d940a0, cFileName="Global.MPT", cAlternateFileName="")) returned 0 [0033.592] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b28 | out: hHeap=0x6d0000) returned 1 [0033.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.592] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d305fe, dwReserved1=0x8d940a0, cFileName="1033", cAlternateFileName="")) returned 0 [0033.592] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0033.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0033.592] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="14", cAlternateFileName="")) returned 0 [0033.592] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.592] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Network", cAlternateFileName="")) returned 1 [0033.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09e8 [0033.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.593] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.593] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.593] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0033.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.593] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.593] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName="..", cAlternateFileName="")) returned 1 [0033.593] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0033.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5b68 [0033.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5c10 [0033.594] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.594] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.594] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName="..", cAlternateFileName="")) returned 1 [0033.594] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0033.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5b68 [0033.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5d08 [0033.594] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5e00 [0033.594] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0033.594] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName="..", cAlternateFileName="")) returned 1 [0033.594] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0033.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ec8 [0033.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5f90 [0033.594] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ec8 | out: hHeap=0x6d0000) returned 1 [0033.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0033.595] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.595] CloseHandle (hObject=0x50) returned 1 [0033.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e60b8 [0033.595] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk.adv")) returned 1 [0033.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60b8 | out: hHeap=0x6d0000) returned 1 [0033.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f90 | out: hHeap=0x6d0000) returned 1 [0033.595] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0033.595] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0033.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d08 | out: hHeap=0x6d0000) returned 1 [0033.596] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 0 [0033.596] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c10 | out: hHeap=0x6d0000) returned 1 [0033.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.596] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x31a325d0, cFileName="Pbk", cAlternateFileName="")) returned 0 [0033.596] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.596] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0033.596] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e8 | out: hHeap=0x6d0000) returned 1 [0033.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.596] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Office", cAlternateFileName="")) returned 1 [0033.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09e8 [0033.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.596] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.598] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.598] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f6ce7b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f6ce7b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f6ce7b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x9382, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0033.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0033.600] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9382, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x9382, lpOverlapped=0x0) returned 1 [0033.601] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.601] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9382, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x9382, lpOverlapped=0x0) returned 1 [0033.602] CloseHandle (hObject=0x44) returned 1 [0033.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.602] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl.adv")) returned 1 [0033.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.602] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Recent", cAlternateFileName="")) returned 1 [0033.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.602] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x18f, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.604] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x18f, cFileName="..", cAlternateFileName="")) returned 1 [0033.604] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90b3d80, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x59a, dwReserved0=0x0, dwReserved1=0x18f, cFileName="Global.LNK", cAlternateFileName="")) returned 1 [0033.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5ab0 [0033.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b48 [0033.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab0 | out: hHeap=0x6d0000) returned 1 [0033.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.605] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x59a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x59a, lpOverlapped=0x0) returned 1 [0033.606] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.606] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x59a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x59a, lpOverlapped=0x0) returned 1 [0033.607] CloseHandle (hObject=0x48) returned 1 [0033.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c28 [0033.607] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk.adv")) returned 1 [0033.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c28 | out: hHeap=0x6d0000) returned 1 [0033.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b48 | out: hHeap=0x6d0000) returned 1 [0033.607] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x34, dwReserved0=0x0, dwReserved1=0x18f, cFileName="index.dat", cAlternateFileName="")) returned 1 [0033.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5ab0 [0033.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b48 [0033.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab0 | out: hHeap=0x6d0000) returned 1 [0033.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.608] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x34, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x34, lpOverlapped=0x0) returned 1 [0033.609] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.609] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x34, lpOverlapped=0x0) returned 1 [0033.609] CloseHandle (hObject=0x48) returned 1 [0033.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c28 [0033.609] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.adv")) returned 1 [0033.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c28 | out: hHeap=0x6d0000) returned 1 [0033.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b48 | out: hHeap=0x6d0000) returned 1 [0033.610] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x18f, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0033.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5ab0 [0033.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b48 [0033.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab0 | out: hHeap=0x6d0000) returned 1 [0033.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.610] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x472, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x472, lpOverlapped=0x0) returned 1 [0033.612] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.612] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x472, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x472, lpOverlapped=0x0) returned 1 [0033.612] CloseHandle (hObject=0x48) returned 1 [0033.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c28 [0033.612] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk.adv")) returned 1 [0033.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c28 | out: hHeap=0x6d0000) returned 1 [0033.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b48 | out: hHeap=0x6d0000) returned 1 [0033.613] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x18f, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 0 [0033.613] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.613] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Recent", cAlternateFileName="")) returned 0 [0033.613] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e8 | out: hHeap=0x6d0000) returned 1 [0033.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.613] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Outlook", cAlternateFileName="")) returned 1 [0033.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09e8 [0033.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.613] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.614] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.614] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de69980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5de69980, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5e0c9040, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0033.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0033.615] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xa00, lpOverlapped=0x0) returned 1 [0033.617] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.617] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xa00, lpOverlapped=0x0) returned 1 [0033.617] CloseHandle (hObject=0x44) returned 1 [0033.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.617] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs.adv")) returned 1 [0033.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.618] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0033.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0033.618] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9a2, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x9a2, lpOverlapped=0x0) returned 1 [0033.620] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.620] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9a2, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x9a2, lpOverlapped=0x0) returned 1 [0033.620] CloseHandle (hObject=0x44) returned 1 [0033.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.620] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.adv")) returned 1 [0033.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.621] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Outlook.xml", cAlternateFileName="")) returned 0 [0033.621] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e8 | out: hHeap=0x6d0000) returned 1 [0033.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.621] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="PowerPoint", cAlternateFileName="POWERP~1")) returned 1 [0033.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0033.621] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.622] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.622] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.622] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.622] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Proof", cAlternateFileName="")) returned 1 [0033.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.622] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.624] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.624] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.624] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.624] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Protect", cAlternateFileName="")) returned 1 [0033.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09e8 [0033.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.624] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.624] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.624] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0033.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0033.625] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x138, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x138, lpOverlapped=0x0) returned 1 [0033.625] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.625] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x138, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x138, lpOverlapped=0x0) returned 1 [0033.625] CloseHandle (hObject=0x44) returned 1 [0033.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.626] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist.adv")) returned 1 [0033.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.626] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0033.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11c) returned 0x6e5a18 [0033.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab0 [0033.627] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x190, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.628] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x190, cFileName="..", cAlternateFileName="")) returned 1 [0033.629] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x190, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0033.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5b40 [0033.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5c28 [0033.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b40 | out: hHeap=0x6d0000) returned 1 [0033.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.629] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.630] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.630] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.630] CloseHandle (hObject=0x48) returned 1 [0033.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e5d80 [0033.630] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.adv")) returned 1 [0033.631] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d80 | out: hHeap=0x6d0000) returned 1 [0033.631] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c28 | out: hHeap=0x6d0000) returned 1 [0033.631] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x190, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0033.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5b40 [0033.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5c28 [0033.631] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b40 | out: hHeap=0x6d0000) returned 1 [0033.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.631] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0033.632] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.632] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0033.632] CloseHandle (hObject=0x48) returned 1 [0033.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5d80 [0033.632] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.adv")) returned 1 [0033.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d80 | out: hHeap=0x6d0000) returned 1 [0033.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c28 | out: hHeap=0x6d0000) returned 1 [0033.633] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x190, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0033.633] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.633] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa00d1450, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa00d1450, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0033.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11c) returned 0x6e5a18 [0033.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab0 [0033.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5b40 [0033.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.633] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa00d1450, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa00d1450, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x190, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.633] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa00d1450, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa00d1450, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x190, cFileName="..", cAlternateFileName="")) returned 1 [0033.633] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf923e050, ftCreationTime.dwHighDateTime=0x1d3aab9, ftLastAccessTime.dwLowDateTime=0xf923e050, ftLastAccessTime.dwHighDateTime=0x1d3aab9, ftLastWriteTime.dwLowDateTime=0xf923e050, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x190, cFileName="02540a10-7eb7-4b20-a8c7-470f8986389c", cAlternateFileName="02540A~1")) returned 1 [0033.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab0 [0033.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5c98 [0033.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.636] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.637] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.637] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.637] CloseHandle (hObject=0x48) returned 1 [0033.637] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0ab0 [0033.637] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.adv")) returned 1 [0033.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c98 | out: hHeap=0x6d0000) returned 1 [0033.638] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xdc5ea830, ftCreationTime.dwHighDateTime=0x1d41fce, ftLastAccessTime.dwLowDateTime=0xdc5ea830, ftLastAccessTime.dwHighDateTime=0x1d41fce, ftLastWriteTime.dwLowDateTime=0xdc5ea830, ftLastWriteTime.dwHighDateTime=0x1d41fce, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x190, cFileName="0e15476d-d8fe-46ca-8099-ebdcf80f637c", cAlternateFileName="0E1547~1")) returned 1 [0033.638] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab0 [0033.638] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5c98 [0033.638] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.638] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.639] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.639] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.639] CloseHandle (hObject=0x48) returned 1 [0033.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0ab0 [0033.639] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.adv")) returned 1 [0033.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c98 | out: hHeap=0x6d0000) returned 1 [0033.640] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf6409280, ftCreationTime.dwHighDateTime=0x1d4ae2c, ftLastAccessTime.dwLowDateTime=0xf6409280, ftLastAccessTime.dwHighDateTime=0x1d4ae2c, ftLastWriteTime.dwLowDateTime=0xf6409280, ftLastWriteTime.dwHighDateTime=0x1d4ae2c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x190, cFileName="102a7bc8-3f85-4bb4-840a-38257d2965d2", cAlternateFileName="102A7B~1")) returned 1 [0033.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab0 [0033.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5c98 [0033.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.640] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.641] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.641] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.641] CloseHandle (hObject=0x48) returned 1 [0033.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0ab0 [0033.641] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.adv")) returned 1 [0033.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c98 | out: hHeap=0x6d0000) returned 1 [0033.642] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542b0350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542b0350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x542b0350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x190, cFileName="2be989a0-16a1-424b-9211-51aa3bb43e5d", cAlternateFileName="2BE989~1")) returned 1 [0033.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab0 [0033.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5c98 [0033.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.642] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.643] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.643] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.643] CloseHandle (hObject=0x48) returned 1 [0033.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0ab0 [0033.643] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.adv")) returned 1 [0033.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c98 | out: hHeap=0x6d0000) returned 1 [0033.646] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xa00d1450, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa00d1450, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa00d1450, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x190, cFileName="a3a6b210-5e29-4ecd-a4e0-2cb361196151", cAlternateFileName="A3A6B2~1")) returned 1 [0033.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab0 [0033.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5c98 [0033.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\a3a6b210-5e29-4ecd-a4e0-2cb361196151" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\a3a6b210-5e29-4ecd-a4e0-2cb361196151"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.647] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.647] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.647] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.647] CloseHandle (hObject=0x48) returned 1 [0033.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0ab0 [0033.647] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\a3a6b210-5e29-4ecd-a4e0-2cb361196151" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\a3a6b210-5e29-4ecd-a4e0-2cb361196151"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\a3a6b210-5e29-4ecd-a4e0-2cb361196151.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\a3a6b210-5e29-4ecd-a4e0-2cb361196151.adv")) returned 1 [0033.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c98 | out: hHeap=0x6d0000) returned 1 [0033.648] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x17ffec90, ftCreationTime.dwHighDateTime=0x1d3373c, ftLastAccessTime.dwLowDateTime=0x17ffec90, ftLastAccessTime.dwHighDateTime=0x1d3373c, ftLastWriteTime.dwLowDateTime=0x18024df0, ftLastWriteTime.dwHighDateTime=0x1d3373c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x190, cFileName="fbbe72db-afd8-443b-88dd-64b20388700d", cAlternateFileName="FBBE72~1")) returned 1 [0033.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab0 [0033.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5c98 [0033.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.648] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.649] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.649] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0033.649] CloseHandle (hObject=0x48) returned 1 [0033.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0ab0 [0033.650] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.adv")) returned 1 [0033.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c98 | out: hHeap=0x6d0000) returned 1 [0033.650] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xa011d710, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x190, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0033.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab0 [0033.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e5c98 [0033.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.651] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0033.651] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.651] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0033.651] CloseHandle (hObject=0x48) returned 1 [0033.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f0ab0 [0033.652] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.adv")) returned 1 [0033.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c98 | out: hHeap=0x6d0000) returned 1 [0033.652] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xa011d710, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x190, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0033.653] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.653] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b40 | out: hHeap=0x6d0000) returned 1 [0033.653] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.653] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0033.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.653] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0033.653] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4c, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4c, lpOverlapped=0x0) returned 1 [0033.654] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.654] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4c, lpOverlapped=0x0) returned 1 [0033.654] CloseHandle (hObject=0x44) returned 1 [0033.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.654] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist.adv")) returned 1 [0033.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.655] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0033.655] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e8 | out: hHeap=0x6d0000) returned 1 [0033.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.655] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0033.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0033.655] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.657] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.657] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.657] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.657] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Publisher Building Blocks", cAlternateFileName="PUBLIS~2")) returned 1 [0033.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0960 [0033.657] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.658] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.658] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0xa8, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="ContentStore.xml", cAlternateFileName="CONTEN~1.XML")) returned 1 [0033.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a18 [0033.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ad0 [0033.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a18 | out: hHeap=0x6d0000) returned 1 [0033.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0033.659] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa8, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xa8, lpOverlapped=0x0) returned 1 [0033.660] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.660] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa8, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xa8, lpOverlapped=0x0) returned 1 [0033.660] CloseHandle (hObject=0x44) returned 1 [0033.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5a18 [0033.660] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml.adv")) returned 1 [0033.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0033.661] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0xa8, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="ContentStore.xml", cAlternateFileName="CONTEN~1.XML")) returned 0 [0033.661] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.661] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Speech", cAlternateFileName="")) returned 1 [0033.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09e8 [0033.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.661] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.662] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.662] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 0 [0033.662] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e8 | out: hHeap=0x6d0000) returned 1 [0033.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.662] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0033.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0960 [0033.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.663] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.663] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="My", cAlternateFileName="")) returned 1 [0033.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a08 [0033.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab0 [0033.663] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.663] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.663] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0033.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5ac0 [0033.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5bb8 [0033.663] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.663] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.663] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 0 [0033.663] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5bb8 | out: hHeap=0x6d0000) returned 1 [0033.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.663] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="CRLs", cAlternateFileName="")) returned 1 [0033.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5ac0 [0033.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5bb8 [0033.664] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.664] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.664] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 0 [0033.664] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5bb8 | out: hHeap=0x6d0000) returned 1 [0033.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.664] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="CTLs", cAlternateFileName="")) returned 1 [0033.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5ac0 [0033.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5bb8 [0033.664] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.664] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.664] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 0 [0033.664] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5bb8 | out: hHeap=0x6d0000) returned 1 [0033.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.664] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="CTLs", cAlternateFileName="")) returned 0 [0033.664] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a08 | out: hHeap=0x6d0000) returned 1 [0033.664] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="My", cAlternateFileName="")) returned 0 [0033.664] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.665] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0033.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0033.665] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.666] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.666] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5db78910, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x509b, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0033.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0033.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0033.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0033.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0033.666] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x509b, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x509b, lpOverlapped=0x0) returned 1 [0033.668] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.668] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x509b, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x509b, lpOverlapped=0x0) returned 1 [0033.668] CloseHandle (hObject=0x44) returned 1 [0033.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5a18 [0033.668] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm.adv")) returned 1 [0033.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0033.669] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5db78910, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x509b, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 0 [0033.669] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.669] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="UProof", cAlternateFileName="")) returned 1 [0033.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09e8 [0033.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.669] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.670] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.670] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0033.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0033.671] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2, lpOverlapped=0x0) returned 1 [0033.672] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.672] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2, lpOverlapped=0x0) returned 1 [0033.672] CloseHandle (hObject=0x44) returned 1 [0033.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.673] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic.adv")) returned 1 [0033.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.673] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 0 [0033.673] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0033.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e8 | out: hHeap=0x6d0000) returned 1 [0033.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0033.673] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Windows", cAlternateFileName="")) returned 1 [0033.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0033.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0033.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0033.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09e8 [0033.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.673] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0033.674] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0033.674] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0033.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.674] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5ab0 [0033.674] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.674] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.674] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.674] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1c3625f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1c3625f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1c3625f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x53, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5p5nrgjn0js_halpmcxz@adobe[1].txt", cAlternateFileName="5P5NRG~1.TXT")) returned 1 [0033.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.674] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.675] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x53, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x53, lpOverlapped=0x0) returned 1 [0033.676] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.676] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x53, lpOverlapped=0x0) returned 1 [0033.676] CloseHandle (hObject=0x48) returned 1 [0033.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5c70 [0033.676] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.adv")) returned 1 [0033.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.677] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d72bcd0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e6a4bd0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e6a4bd0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x227, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5p5nrgjn0js_halpmcxz@adobe[3].txt", cAlternateFileName="5P0100~1.TXT")) returned 1 [0033.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.678] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x227, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x227, lpOverlapped=0x0) returned 1 [0033.679] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.679] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x227, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x227, lpOverlapped=0x0) returned 1 [0033.679] CloseHandle (hObject=0x48) returned 1 [0033.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5c70 [0033.679] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.adv")) returned 1 [0033.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.680] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d8f4d50, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e658910, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xf1, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5p5nrgjn0js_halpmcxz@demdex[1].txt", cAlternateFileName="5PFFE8~1.TXT")) returned 1 [0033.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.681] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf1, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf1, lpOverlapped=0x0) returned 1 [0033.682] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.682] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf1, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf1, lpOverlapped=0x0) returned 1 [0033.682] CloseHandle (hObject=0x48) returned 1 [0033.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5c70 [0033.682] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.adv")) returned 1 [0033.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.684] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e658910, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e658910, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", cAlternateFileName="5PB43E~1.TXT")) returned 1 [0033.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5c70 [0033.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.684] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6f, lpOverlapped=0x0) returned 1 [0033.685] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.685] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6f, lpOverlapped=0x0) returned 1 [0033.685] CloseHandle (hObject=0x48) returned 1 [0033.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5db8 [0033.685] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.adv")) returned 1 [0033.686] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5db8 | out: hHeap=0x6d0000) returned 1 [0033.686] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.686] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1dcf9270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x6e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5p5nrgjn0js_halpmcxz@everesttech[1].txt", cAlternateFileName="5P5NRG~4.TXT")) returned 1 [0033.686] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.686] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.686] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.686] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e5c70 [0033.686] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.687] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x6e, lpOverlapped=0x0) returned 1 [0033.688] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.688] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x6e, lpOverlapped=0x0) returned 1 [0033.688] CloseHandle (hObject=0x48) returned 1 [0033.688] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5db8 [0033.688] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.adv")) returned 1 [0033.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5db8 | out: hHeap=0x6d0000) returned 1 [0033.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.689] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86af2d0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5p5nrgjn0js_halpmcxz@google[2].txt", cAlternateFileName="5P5NRG~2.TXT")) returned 1 [0033.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.691] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x114, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x114, lpOverlapped=0x0) returned 1 [0033.691] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.692] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x114, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x114, lpOverlapped=0x0) returned 1 [0033.692] CloseHandle (hObject=0x48) returned 1 [0033.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5c70 [0033.692] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.adv")) returned 1 [0033.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.693] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1dcf9270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x56, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5p5nrgjn0js_halpmcxz@ml314[1].txt", cAlternateFileName="5P0DBF~1.TXT")) returned 1 [0033.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.693] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x56, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x56, lpOverlapped=0x0) returned 1 [0033.694] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.694] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x56, lpOverlapped=0x0) returned 1 [0033.694] CloseHandle (hObject=0x48) returned 1 [0033.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5c70 [0033.694] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.adv")) returned 1 [0033.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.695] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e5e64f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e5e64f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e5e64f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x19e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", cAlternateFileName="5P94E6~1.TXT")) returned 1 [0033.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.696] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x19e, lpOverlapped=0x0) returned 1 [0033.697] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.697] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x19e, lpOverlapped=0x0) returned 1 [0033.697] CloseHandle (hObject=0x48) returned 1 [0033.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5c70 [0033.697] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.adv")) returned 1 [0033.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.698] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2ff9890, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="index.dat", cAlternateFileName="")) returned 1 [0033.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0033.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.698] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Low", cAlternateFileName="")) returned 1 [0033.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5c70 [0033.698] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.702] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="..", cAlternateFileName="")) returned 1 [0033.704] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44eb6480, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44eb6480, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44eb6480, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", cAlternateFileName="5P9943~1.TXT")) returned 1 [0033.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5dc0 [0033.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.704] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x66, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x66, lpOverlapped=0x0) returned 1 [0033.705] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.705] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x66, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x66, lpOverlapped=0x0) returned 1 [0033.705] CloseHandle (hObject=0x4c) returned 1 [0033.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e5ec8 [0033.705] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.adv")) returned 1 [0033.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ec8 | out: hHeap=0x6d0000) returned 1 [0033.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.706] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bd95f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bd95f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bd95f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", cAlternateFileName="5P37D9~1.TXT")) returned 1 [0033.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.706] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x66, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x66, lpOverlapped=0x0) returned 1 [0033.707] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.707] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x66, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x66, lpOverlapped=0x0) returned 1 [0033.707] CloseHandle (hObject=0x4c) returned 1 [0033.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5eb8 [0033.707] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.adv")) returned 1 [0033.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.708] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf73d210, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5d, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", cAlternateFileName="5P2CBA~1.TXT")) returned 1 [0033.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.709] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5d, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x5d, lpOverlapped=0x0) returned 1 [0033.709] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.709] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5d, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x5d, lpOverlapped=0x0) returned 1 [0033.710] CloseHandle (hObject=0x4c) returned 1 [0033.710] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.adv")) returned 1 [0033.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.710] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7d5790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7d5790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@adform[1].txt", cAlternateFileName="5P8600~1.TXT")) returned 1 [0033.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.711] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xea, lpOverlapped=0x0) returned 1 [0033.712] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.712] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xea, lpOverlapped=0x0) returned 1 [0033.712] CloseHandle (hObject=0x4c) returned 1 [0033.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.712] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.adv")) returned 1 [0033.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.713] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe5d5130, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0x45f08810, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45f08810, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x242, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@adnxs[1].txt", cAlternateFileName="5P89EF~1.TXT")) returned 1 [0033.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.713] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x242, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x242, lpOverlapped=0x0) returned 1 [0033.715] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.715] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x242, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x242, lpOverlapped=0x0) returned 1 [0033.715] CloseHandle (hObject=0x4c) returned 1 [0033.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.715] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.adv")) returned 1 [0033.716] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.716] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.716] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x65, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@adtech[2].txt", cAlternateFileName="5PC5B2~1.TXT")) returned 1 [0033.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.716] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.716] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x65, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x65, lpOverlapped=0x0) returned 1 [0033.717] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.717] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x65, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x65, lpOverlapped=0x0) returned 1 [0033.717] CloseHandle (hObject=0x4c) returned 1 [0033.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.717] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.adv")) returned 1 [0033.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.718] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53c70990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53c70990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53c70990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@adtr02[1].txt", cAlternateFileName="5P5NRG~3.TXT")) returned 1 [0033.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.718] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x52, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x52, lpOverlapped=0x0) returned 1 [0033.719] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.719] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x52, lpOverlapped=0x0) returned 1 [0033.719] CloseHandle (hObject=0x4c) returned 1 [0033.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.720] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.adv")) returned 1 [0033.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.720] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x517fd8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51332930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x51332930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@advertising[1].txt", cAlternateFileName="5P5NRG~1.TXT")) returned 1 [0033.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.720] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.721] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x125, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x125, lpOverlapped=0x0) returned 1 [0033.721] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.722] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x125, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x125, lpOverlapped=0x0) returned 1 [0033.722] CloseHandle (hObject=0x4c) returned 1 [0033.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.722] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.adv")) returned 1 [0033.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.722] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54cce0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54cce0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54cce0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@api.bing[2].txt", cAlternateFileName="5P40FC~1.TXT")) returned 1 [0033.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.723] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xdd, lpOverlapped=0x0) returned 1 [0033.724] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.724] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xdd, lpOverlapped=0x0) returned 1 [0033.724] CloseHandle (hObject=0x4c) returned 1 [0033.724] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.724] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.adv")) returned 1 [0033.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.725] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4611db50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4611db50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4611db50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x201, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", cAlternateFileName="5P74F0~1.TXT")) returned 1 [0033.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.725] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x201, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x201, lpOverlapped=0x0) returned 1 [0033.726] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.726] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x201, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x201, lpOverlapped=0x0) returned 1 [0033.726] CloseHandle (hObject=0x4c) returned 1 [0033.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.726] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.adv")) returned 1 [0033.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.727] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x534b4210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x562c6900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x562c6900, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1ea, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@bing[1].txt", cAlternateFileName="5PBE12~1.TXT")) returned 1 [0033.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.727] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1ea, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1ea, lpOverlapped=0x0) returned 1 [0033.728] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.728] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1ea, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1ea, lpOverlapped=0x0) returned 1 [0033.728] CloseHandle (hObject=0x4c) returned 1 [0033.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.729] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt.adv")) returned 1 [0033.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.729] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@c.bing[1].txt", cAlternateFileName="5P5NRG~2.TXT")) returned 1 [0033.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.729] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.730] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c8, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1c8, lpOverlapped=0x0) returned 1 [0033.731] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.731] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c8, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1c8, lpOverlapped=0x0) returned 1 [0033.731] CloseHandle (hObject=0x4c) returned 1 [0033.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.731] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.adv")) returned 1 [0033.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.731] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdf95770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdf95770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdf95770, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x82, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@c.msn[1].txt", cAlternateFileName="5PB89C~1.TXT")) returned 1 [0033.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.732] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x82, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x82, lpOverlapped=0x0) returned 1 [0033.733] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.733] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x82, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x82, lpOverlapped=0x0) returned 1 [0033.733] CloseHandle (hObject=0x4c) returned 1 [0033.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.733] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.adv")) returned 1 [0033.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.734] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6301df20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63a15b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63a15b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", cAlternateFileName="5P93CC~1.TXT")) returned 1 [0033.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.734] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x110, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x110, lpOverlapped=0x0) returned 1 [0033.735] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.735] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x110, lpOverlapped=0x0) returned 1 [0033.735] CloseHandle (hObject=0x4c) returned 1 [0033.735] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.735] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.adv")) returned 1 [0033.736] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.736] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.736] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61093ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61093ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61093ba0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@google[1].txt", cAlternateFileName="5P12F9~1.TXT")) returned 1 [0033.736] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.736] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.736] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.736] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x256, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x256, lpOverlapped=0x0) returned 1 [0033.738] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.738] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x256, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x256, lpOverlapped=0x0) returned 1 [0033.738] CloseHandle (hObject=0x4c) returned 1 [0033.738] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.738] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt.adv")) returned 1 [0033.739] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.739] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.739] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@google[3].txt", cAlternateFileName="5P692F~1.TXT")) returned 1 [0033.739] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.739] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.739] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.739] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc4, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xc4, lpOverlapped=0x0) returned 1 [0033.740] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.740] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xc4, lpOverlapped=0x0) returned 1 [0033.740] CloseHandle (hObject=0x4c) returned 1 [0033.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.740] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.adv")) returned 1 [0033.741] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.741] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.741] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e777a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64e777a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64e777a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x21f, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@google[4].txt", cAlternateFileName="5P3B8C~1.TXT")) returned 1 [0033.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.741] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.742] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21f, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x21f, lpOverlapped=0x0) returned 1 [0033.742] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.742] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21f, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x21f, lpOverlapped=0x0) returned 1 [0033.742] CloseHandle (hObject=0x4c) returned 1 [0033.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.743] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt.adv")) returned 1 [0033.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.743] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x465ba5f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x465ba5f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x465ba5f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@linkedin[1].txt", cAlternateFileName="5P1C80~1.TXT")) returned 1 [0033.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.743] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.744] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x110, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x110, lpOverlapped=0x0) returned 1 [0033.744] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.745] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x110, lpOverlapped=0x0) returned 1 [0033.745] CloseHandle (hObject=0x4c) returned 1 [0033.745] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.745] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.adv")) returned 1 [0033.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.745] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa5cef0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa5cef0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfa5cef0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x76, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", cAlternateFileName="5PD7A3~1.TXT")) returned 1 [0033.746] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.746] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.746] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.746] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x76, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x76, lpOverlapped=0x0) returned 1 [0033.747] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.747] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x76, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x76, lpOverlapped=0x0) returned 1 [0033.747] CloseHandle (hObject=0x4c) returned 1 [0033.747] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.747] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.adv")) returned 1 [0033.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.748] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b50050, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50b50050, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50b50050, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x337, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@msn[1].txt", cAlternateFileName="5PBFF9~1.TXT")) returned 1 [0033.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.748] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x337, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x337, lpOverlapped=0x0) returned 1 [0033.750] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.750] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x337, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x337, lpOverlapped=0x0) returned 1 [0033.750] CloseHandle (hObject=0x4c) returned 1 [0033.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5eb8 [0033.750] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt.adv")) returned 1 [0033.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.750] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", cAlternateFileName="5P5NRG~4.TXT")) returned 1 [0033.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5dc0 [0033.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.751] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xce, lpOverlapped=0x0) returned 1 [0033.752] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.752] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xce, lpOverlapped=0x0) returned 1 [0033.752] CloseHandle (hObject=0x4c) returned 1 [0033.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5ec8 [0033.752] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.adv")) returned 1 [0033.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ec8 | out: hHeap=0x6d0000) returned 1 [0033.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.753] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf73d210, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6c, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", cAlternateFileName="5P4910~1.TXT")) returned 1 [0033.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5dc0 [0033.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.753] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6c, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x6c, lpOverlapped=0x0) returned 1 [0033.754] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.754] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6c, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x6c, lpOverlapped=0x0) returned 1 [0033.754] CloseHandle (hObject=0x4c) returned 1 [0033.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5ec8 [0033.754] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.adv")) returned 1 [0033.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ec8 | out: hHeap=0x6d0000) returned 1 [0033.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.755] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf99e810, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf99e810, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf99e810, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x68, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@skadtec[1].txt", cAlternateFileName="5P37A2~1.TXT")) returned 1 [0033.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.755] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x68, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x68, lpOverlapped=0x0) returned 1 [0033.756] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.756] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x68, lpOverlapped=0x0) returned 1 [0033.756] CloseHandle (hObject=0x4c) returned 1 [0033.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.757] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.adv")) returned 1 [0033.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.757] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf54e030, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@track.adform[2].txt", cAlternateFileName="5PD4D3~1.TXT")) returned 1 [0033.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.758] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb2, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xb2, lpOverlapped=0x0) returned 1 [0033.758] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.758] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb2, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xb2, lpOverlapped=0x0) returned 1 [0033.759] CloseHandle (hObject=0x4c) returned 1 [0033.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5eb8 [0033.759] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.adv")) returned 1 [0033.759] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.759] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.759] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x555a9a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x555a9a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x555a9a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@www.bing[2].txt", cAlternateFileName="5PA943~1.TXT")) returned 1 [0033.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.759] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.760] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xd7, lpOverlapped=0x0) returned 1 [0033.761] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.761] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xd7, lpOverlapped=0x0) returned 1 [0033.761] CloseHandle (hObject=0x4c) returned 1 [0033.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.761] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.adv")) returned 1 [0033.763] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.763] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.764] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54d8c7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa9, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", cAlternateFileName="5PC3D9~1.TXT")) returned 1 [0033.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5dc0 [0033.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.764] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa9, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xa9, lpOverlapped=0x0) returned 1 [0033.765] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.765] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa9, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xa9, lpOverlapped=0x0) returned 1 [0033.765] CloseHandle (hObject=0x4c) returned 1 [0033.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e5eb8 [0033.765] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.adv")) returned 1 [0033.766] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.766] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.766] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4523d1d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x526fc010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x526fc010, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x402, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="5p5nrgjn0js_halpmcxz@www.msn[2].txt", cAlternateFileName="5PD551~1.TXT")) returned 1 [0033.766] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.766] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.766] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.766] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x402, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x402, lpOverlapped=0x0) returned 1 [0033.768] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.768] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x402, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x402, lpOverlapped=0x0) returned 1 [0033.768] CloseHandle (hObject=0x4c) returned 1 [0033.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5eb8 [0033.768] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.adv")) returned 1 [0033.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.769] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x432daef0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="index.dat", cAlternateFileName="")) returned 1 [0033.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5d18 [0033.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5dc0 [0033.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0033.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.769] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x8000, lpOverlapped=0x0) returned 1 [0033.771] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.771] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x8000, lpOverlapped=0x0) returned 1 [0033.771] CloseHandle (hObject=0x4c) returned 1 [0033.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5eb8 [0033.772] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat.adv")) returned 1 [0033.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5eb8 | out: hHeap=0x6d0000) returned 1 [0033.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dc0 | out: hHeap=0x6d0000) returned 1 [0033.772] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x432daef0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x2e0078, dwReserved1=0x610064, cFileName="index.dat", cAlternateFileName="")) returned 0 [0033.772] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.772] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Low", cAlternateFileName="")) returned 0 [0033.772] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab0 | out: hHeap=0x6d0000) returned 1 [0033.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.772] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0033.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.773] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.773] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.773] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Low", cAlternateFileName="")) returned 1 [0033.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0033.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c60 [0033.773] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.773] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.773] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 0 [0033.773] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c60 | out: hHeap=0x6d0000) returned 1 [0033.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.773] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Low", cAlternateFileName="")) returned 0 [0033.773] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.774] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.774] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.774] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.774] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x54361220, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="index.dat", cAlternateFileName="")) returned 1 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0033.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0033.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.774] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f0dcf10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Low", cAlternateFileName="")) returned 1 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5b68 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5c10 [0033.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.774] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f0dcf10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x64006e, dwReserved1=0x780065, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.774] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f0dcf10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x64006e, dwReserved1=0x780065, cFileName="..", cAlternateFileName="")) returned 1 [0033.774] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f0dcf10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64c3a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x64006e, dwReserved1=0x780065, cFileName="index.dat", cAlternateFileName="")) returned 1 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5b68 [0033.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5d08 [0033.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.775] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x40000, lpOverlapped=0x0) returned 1 [0033.779] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.779] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x40000, lpOverlapped=0x0) returned 1 [0033.780] CloseHandle (hObject=0x4c) returned 1 [0033.780] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5e00 [0033.780] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat.adv")) returned 1 [0033.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d08 | out: hHeap=0x6d0000) returned 1 [0033.780] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f0dcf10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64c3a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x64006e, dwReserved1=0x780065, cFileName="index.dat", cAlternateFileName="")) returned 0 [0033.780] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c10 | out: hHeap=0x6d0000) returned 1 [0033.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.780] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f0dcf10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Low", cAlternateFileName="")) returned 0 [0033.780] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.780] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0033.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0033.781] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.781] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.781] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0033.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0033.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.781] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x112, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x112, lpOverlapped=0x0) returned 1 [0033.782] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.782] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x112, lpOverlapped=0x0) returned 1 [0033.782] CloseHandle (hObject=0x48) returned 1 [0033.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c60 [0033.782] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini.adv")) returned 1 [0033.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c60 | out: hHeap=0x6d0000) returned 1 [0033.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.783] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d1e12e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2b, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Documents.library-ms", cAlternateFileName="DOCUME~1.LIB")) returned 1 [0033.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0033.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.783] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe2b, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe2b, lpOverlapped=0x0) returned 1 [0033.784] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.784] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe2b, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe2b, lpOverlapped=0x0) returned 1 [0033.784] CloseHandle (hObject=0x48) returned 1 [0033.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c60 [0033.784] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.adv")) returned 1 [0033.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c60 | out: hHeap=0x6d0000) returned 1 [0033.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.785] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Music.library-ms", cAlternateFileName="MUSIC~1.LIB")) returned 1 [0033.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0033.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.786] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe00, lpOverlapped=0x0) returned 1 [0033.786] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.786] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe00, lpOverlapped=0x0) returned 1 [0033.787] CloseHandle (hObject=0x48) returned 1 [0033.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c60 [0033.787] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.adv")) returned 1 [0033.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c60 | out: hHeap=0x6d0000) returned 1 [0033.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.787] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe23, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Pictures.library-ms", cAlternateFileName="PICTUR~1.LIB")) returned 1 [0033.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.788] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0033.788] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.788] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe23, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe23, lpOverlapped=0x0) returned 1 [0033.789] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.789] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe23, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe23, lpOverlapped=0x0) returned 1 [0033.789] CloseHandle (hObject=0x48) returned 1 [0033.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c60 [0033.789] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.adv")) returned 1 [0033.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c60 | out: hHeap=0x6d0000) returned 1 [0033.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.790] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe0e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 1 [0033.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0033.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.790] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe0e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe0e, lpOverlapped=0x0) returned 1 [0033.791] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.791] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe0e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe0e, lpOverlapped=0x0) returned 1 [0033.791] CloseHandle (hObject=0x48) returned 1 [0033.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c60 [0033.791] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.adv")) returned 1 [0033.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c60 | out: hHeap=0x6d0000) returned 1 [0033.792] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe0e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 0 [0033.792] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.792] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0033.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.792] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.793] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.793] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 0 [0033.793] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.793] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0033.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.793] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.793] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.793] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 0 [0033.793] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.793] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x94fde710, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0033.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.793] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x94fde710, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.794] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x94fde710, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.794] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x94fde710, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x2bc126f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="index.dat", cAlternateFileName="")) returned 1 [0033.794] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.794] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0033.794] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.795] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x8000, lpOverlapped=0x0) returned 1 [0033.797] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.797] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x8000, lpOverlapped=0x0) returned 1 [0033.797] CloseHandle (hObject=0x48) returned 1 [0033.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c60 [0033.797] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat.adv")) returned 1 [0033.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c60 | out: hHeap=0x6d0000) returned 1 [0033.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.798] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Low", cAlternateFileName="")) returned 1 [0033.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0033.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5b68 [0033.798] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x142, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.798] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x142, cFileName="..", cAlternateFileName="")) returned 1 [0033.798] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x50fa8bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1c000, dwReserved0=0x0, dwReserved1=0x142, cFileName="index.dat", cAlternateFileName="")) returned 1 [0033.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5c10 [0033.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5cb8 [0033.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c10 | out: hHeap=0x6d0000) returned 1 [0033.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.798] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1c000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1c000, lpOverlapped=0x0) returned 1 [0033.801] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.801] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1c000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1c000, lpOverlapped=0x0) returned 1 [0033.801] CloseHandle (hObject=0x4c) returned 1 [0033.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5db0 [0033.801] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat.adv")) returned 1 [0033.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5db0 | out: hHeap=0x6d0000) returned 1 [0033.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5cb8 | out: hHeap=0x6d0000) returned 1 [0033.802] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x50fa8bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1c000, dwReserved0=0x0, dwReserved1=0x142, cFileName="index.dat", cAlternateFileName="")) returned 0 [0033.803] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0033.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0033.803] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Low", cAlternateFileName="")) returned 0 [0033.803] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0033.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0033.803] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa40f04f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40f04f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Recent", cAlternateFileName="")) returned 1 [0033.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0033.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0033.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0033.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5ab0 [0033.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa40f04f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40f04f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0033.803] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa40f04f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40f04f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0033.803] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3d38290, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3d38290, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3d38290, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe66, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="--bAvzOf.lnk", cAlternateFileName="")) returned 1 [0033.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\--bAvzOf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\--bavzof.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.804] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe66, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe66, lpOverlapped=0x0) returned 1 [0033.804] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.804] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe66, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe66, lpOverlapped=0x0) returned 1 [0033.804] CloseHandle (hObject=0x48) returned 1 [0033.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.805] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\--bAvzOf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\--bavzof.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\--bAvzOf.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\--bavzof.lnk.adv")) returned 1 [0033.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.805] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2bd01b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3be1630, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3be1630, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1bd, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="-G5R.lnk", cAlternateFileName="")) returned 1 [0033.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-G5R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-g5r.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.806] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1bd, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1bd, lpOverlapped=0x0) returned 1 [0033.807] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.807] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1bd, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1bd, lpOverlapped=0x0) returned 1 [0033.807] CloseHandle (hObject=0x48) returned 1 [0033.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.807] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-G5R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-g5r.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-G5R.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-g5r.lnk.adv")) returned 1 [0033.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.808] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1d61c50, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa40f04f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40f04f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe13, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="-kdA3_UEzgu.lnk", cAlternateFileName="-KDA3_~1.LNK")) returned 1 [0033.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-kdA3_UEzgu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-kda3_uezgu.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.808] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe13, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe13, lpOverlapped=0x0) returned 1 [0033.809] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.809] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe13, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe13, lpOverlapped=0x0) returned 1 [0033.809] CloseHandle (hObject=0x48) returned 1 [0033.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.809] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-kdA3_UEzgu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-kda3_uezgu.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-kdA3_UEzgu.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-kda3_uezgu.lnk.adv")) returned 1 [0033.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.810] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa39f2450, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa39f2450, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa39f2450, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1fd, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="0r2DOGOmozF-E1KU.lnk", cAlternateFileName="0R2DOG~1.LNK")) returned 1 [0033.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0r2DOGOmozF-E1KU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0r2dogomozf-e1ku.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.811] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1fd, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1fd, lpOverlapped=0x0) returned 1 [0033.811] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.811] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1fd, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1fd, lpOverlapped=0x0) returned 1 [0033.811] CloseHandle (hObject=0x48) returned 1 [0033.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.812] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0r2DOGOmozF-E1KU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0r2dogomozf-e1ku.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0r2DOGOmozF-E1KU.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0r2dogomozf-e1ku.lnk.adv")) returned 1 [0033.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.812] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27f1df0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa27f1df0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa27f1df0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa0b, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="1iX8r_.lnk", cAlternateFileName="")) returned 1 [0033.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1iX8r_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1ix8r_.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.813] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa0b, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa0b, lpOverlapped=0x0) returned 1 [0033.813] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.813] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa0b, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa0b, lpOverlapped=0x0) returned 1 [0033.814] CloseHandle (hObject=0x48) returned 1 [0033.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.814] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1iX8r_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1ix8r_.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1iX8r_.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1ix8r_.lnk.adv")) returned 1 [0033.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.815] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3803270, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3803270, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3803270, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xef4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="1Xp_0TW0bFUtM1.lnk", cAlternateFileName="1XP_0T~1.LNK")) returned 1 [0033.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1Xp_0TW0bFUtM1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1xp_0tw0bfutm1.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.815] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xef4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xef4, lpOverlapped=0x0) returned 1 [0033.816] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.816] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xef4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xef4, lpOverlapped=0x0) returned 1 [0033.816] CloseHandle (hObject=0x48) returned 1 [0033.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.816] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1Xp_0TW0bFUtM1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1xp_0tw0bfutm1.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1Xp_0TW0bFUtM1.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1xp_0tw0bfutm1.lnk.adv")) returned 1 [0033.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.817] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa32a80f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa32a80f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa32a80f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x193a, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="2nt9QLq.lnk", cAlternateFileName="")) returned 1 [0033.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2nt9QLq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2nt9qlq.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.817] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x193a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x193a, lpOverlapped=0x0) returned 1 [0033.818] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.818] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x193a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x193a, lpOverlapped=0x0) returned 1 [0033.818] CloseHandle (hObject=0x48) returned 1 [0033.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.818] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2nt9QLq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2nt9qlq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2nt9QLq.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2nt9qlq.lnk.adv")) returned 1 [0033.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.819] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa38293d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa38293d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa38293d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf98, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="2sPb cSkk-.lnk", cAlternateFileName="2SPBCS~1.LNK")) returned 1 [0033.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sPb cSkk-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2spb cskk-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.819] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf98, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf98, lpOverlapped=0x0) returned 1 [0033.820] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.820] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf98, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf98, lpOverlapped=0x0) returned 1 [0033.820] CloseHandle (hObject=0x48) returned 1 [0033.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.820] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sPb cSkk-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2spb cskk-.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2sPb cSkk-.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2spb cskk-.lnk.adv")) returned 1 [0033.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.821] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2eefe90, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2eefe90, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2eefe90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1a9f, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="2TMIclV3ChpQqf6aBK N.lnk", cAlternateFileName="2TMICL~1.LNK")) returned 1 [0033.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2TMIclV3ChpQqf6aBK N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2tmiclv3chpqqf6abk n.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.821] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a9f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1a9f, lpOverlapped=0x0) returned 1 [0033.822] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.822] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a9f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1a9f, lpOverlapped=0x0) returned 1 [0033.822] CloseHandle (hObject=0x48) returned 1 [0033.822] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.822] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2TMIclV3ChpQqf6aBK N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2tmiclv3chpqqf6abk n.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2TMIclV3ChpQqf6aBK N.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2tmiclv3chpqqf6abk n.lnk.adv")) returned 1 [0033.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.823] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3eb5050, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3eb5050, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3edb1b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf2a, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="30HcJqLGENWr8Hb.lnk", cAlternateFileName="30HCJQ~1.LNK")) returned 1 [0033.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\30HcJqLGENWr8Hb.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\30hcjqlgenwr8hb.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.824] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf2a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf2a, lpOverlapped=0x0) returned 1 [0033.824] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.824] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf2a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf2a, lpOverlapped=0x0) returned 1 [0033.825] CloseHandle (hObject=0x48) returned 1 [0033.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.825] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\30HcJqLGENWr8Hb.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\30hcjqlgenwr8hb.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\30HcJqLGENWr8Hb.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\30hcjqlgenwr8hb.lnk.adv")) returned 1 [0033.825] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.826] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa319d750, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa319d750, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa319d750, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="31Ojeoca_XxXMGid2.lnk", cAlternateFileName="31OJEO~1.LNK")) returned 1 [0033.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\31Ojeoca_XxXMGid2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\31ojeoca_xxxmgid2.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.826] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa84, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa84, lpOverlapped=0x0) returned 1 [0033.827] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.827] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa84, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa84, lpOverlapped=0x0) returned 1 [0033.827] CloseHandle (hObject=0x48) returned 1 [0033.827] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.827] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\31Ojeoca_XxXMGid2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\31ojeoca_xxxmgid2.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\31Ojeoca_XxXMGid2.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\31ojeoca_xxxmgid2.lnk.adv")) returned 1 [0033.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.828] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa344b010, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa344b010, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa344b010, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x20a0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="322JD.lnk", cAlternateFileName="")) returned 1 [0033.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\322JD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\322jd.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.828] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20a0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x20a0, lpOverlapped=0x0) returned 1 [0033.829] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.829] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20a0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x20a0, lpOverlapped=0x0) returned 1 [0033.829] CloseHandle (hObject=0x48) returned 1 [0033.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.829] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\322JD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\322jd.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\322JD.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\322jd.lnk.adv")) returned 1 [0033.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.830] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa21fe6f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa4057f70, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa4057f70, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x952, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="3DMP.lnk", cAlternateFileName="")) returned 1 [0033.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3DMP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3dmp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.830] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x952, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x952, lpOverlapped=0x0) returned 1 [0033.831] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.831] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x952, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x952, lpOverlapped=0x0) returned 1 [0033.831] CloseHandle (hObject=0x48) returned 1 [0033.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.831] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3DMP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3dmp.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3DMP.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3dmp.lnk.adv")) returned 1 [0033.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.832] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3875690, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3875690, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3875690, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x13a9, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="3MIjAs.lnk", cAlternateFileName="")) returned 1 [0033.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3MIjAs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3mijas.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.832] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13a9, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x13a9, lpOverlapped=0x0) returned 1 [0033.833] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.833] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13a9, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x13a9, lpOverlapped=0x0) returned 1 [0033.833] CloseHandle (hObject=0x48) returned 1 [0033.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.833] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3MIjAs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3mijas.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3MIjAs.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3mijas.lnk.adv")) returned 1 [0033.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.834] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa200f510, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa40ca390, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40ca390, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1379, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="45n-Vl_-z5dwIAG3P.lnk", cAlternateFileName="45N-VL~1.LNK")) returned 1 [0033.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\45n-Vl_-z5dwIAG3P.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\45n-vl_-z5dwiag3p.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.835] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1379, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1379, lpOverlapped=0x0) returned 1 [0033.835] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.835] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1379, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1379, lpOverlapped=0x0) returned 1 [0033.835] CloseHandle (hObject=0x48) returned 1 [0033.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.835] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\45n-Vl_-z5dwIAG3P.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\45n-vl_-z5dwiag3p.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\45n-Vl_-z5dwIAG3P.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\45n-vl_-z5dwiag3p.lnk.adv")) returned 1 [0033.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.836] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3151490, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3151490, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3151490, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1948, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="47zjJ2- 7F.lnk", cAlternateFileName="47ZJJ2~1.LNK")) returned 1 [0033.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.837] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\47zjJ2- 7F.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\47zjj2- 7f.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.837] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1948, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1948, lpOverlapped=0x0) returned 1 [0033.837] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.838] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1948, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1948, lpOverlapped=0x0) returned 1 [0033.838] CloseHandle (hObject=0x48) returned 1 [0033.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.838] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\47zjJ2- 7F.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\47zjj2- 7f.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\47zjJ2- 7F.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\47zjj2- 7f.lnk.adv")) returned 1 [0033.839] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.839] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.839] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f73730, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3f73730, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3f99890, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x9f1, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="4K h.lnk", cAlternateFileName="4KH~1.LNK")) returned 1 [0033.839] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.839] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.839] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4K h.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4k h.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.839] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9f1, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x9f1, lpOverlapped=0x0) returned 1 [0033.840] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.840] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9f1, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x9f1, lpOverlapped=0x0) returned 1 [0033.840] CloseHandle (hObject=0x48) returned 1 [0033.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.840] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4K h.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4k h.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4K h.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4k h.lnk.adv")) returned 1 [0033.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.841] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa384f530, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa384f530, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa384f530, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3d5, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="5P0Ka.lnk", cAlternateFileName="")) returned 1 [0033.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5P0Ka.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\5p0ka.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.842] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d5, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3d5, lpOverlapped=0x0) returned 1 [0033.842] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.842] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d5, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3d5, lpOverlapped=0x0) returned 1 [0033.842] CloseHandle (hObject=0x48) returned 1 [0033.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.843] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5P0Ka.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\5p0ka.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5P0Ka.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\5p0ka.lnk.adv")) returned 1 [0033.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.843] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3a3e710, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3a3e710, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3a3e710, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa4d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="70JuPxC rcrq.lnk", cAlternateFileName="70JUPX~1.LNK")) returned 1 [0033.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\70JuPxC rcrq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\70jupxc rcrq.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.844] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa4d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa4d, lpOverlapped=0x0) returned 1 [0033.844] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.845] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa4d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa4d, lpOverlapped=0x0) returned 1 [0033.845] CloseHandle (hObject=0x48) returned 1 [0033.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.845] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\70JuPxC rcrq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\70jupxc rcrq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\70JuPxC rcrq.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\70jupxc rcrq.lnk.adv")) returned 1 [0033.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.846] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3ab0b30, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3ab0b30, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3ab0b30, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf4f, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="agRvDiKFC4CH2bXKg-.lnk", cAlternateFileName="AGRVDI~1.LNK")) returned 1 [0033.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\agRvDiKFC4CH2bXKg-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\agrvdikfc4ch2bxkg-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.846] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf4f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf4f, lpOverlapped=0x0) returned 1 [0033.847] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.847] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf4f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf4f, lpOverlapped=0x0) returned 1 [0033.847] CloseHandle (hObject=0x48) returned 1 [0033.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.847] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\agRvDiKFC4CH2bXKg-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\agrvdikfc4ch2bxkg-.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\agRvDiKFC4CH2bXKg-.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\agrvdikfc4ch2bxkg-.lnk.adv")) returned 1 [0033.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.848] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa277f9d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa277f9d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa277f9d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xea9, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="auIPqAM.mkv.lnk", cAlternateFileName="AUIPQA~1.LNK")) returned 1 [0033.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\auIPqAM.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\auipqam.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.848] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xea9, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xea9, lpOverlapped=0x0) returned 1 [0033.849] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.849] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xea9, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xea9, lpOverlapped=0x0) returned 1 [0033.849] CloseHandle (hObject=0x48) returned 1 [0033.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.849] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\auIPqAM.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\auipqam.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\auIPqAM.mkv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\auipqam.mkv.lnk.adv")) returned 1 [0033.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.850] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce65c0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0033.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce65c0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13d, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.850] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce65c0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13d, cFileName="..", cAlternateFileName="")) returned 1 [0033.850] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa3932600, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x19a86, dwReserved0=0x0, dwReserved1=0x13d, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1 [0033.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5e00 [0033.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.851] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19a86, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x19a86, lpOverlapped=0x0) returned 1 [0033.852] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.852] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19a86, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x19a86, lpOverlapped=0x0) returned 1 [0033.852] CloseHandle (hObject=0x4c) returned 1 [0033.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e5f28 [0033.852] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.adv")) returned 1 [0033.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.853] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc606a140, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc606a140, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xa5f178d0, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x13d, cFileName="7e4dca80246863e3.automaticDestinations-ms", cAlternateFileName="7E4DCA~1.AUT")) returned 1 [0033.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5e00 [0033.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.854] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1a00, lpOverlapped=0x0) returned 1 [0033.856] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.856] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a00, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1a00, lpOverlapped=0x0) returned 1 [0033.856] CloseHandle (hObject=0x4c) returned 1 [0033.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e5f28 [0033.856] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms.adv")) returned 1 [0033.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.857] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bce65c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce4e50, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x13d, cFileName="eb282ead62b4db87.automaticDestinations-ms", cAlternateFileName="EB282E~1.AUT")) returned 1 [0033.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5e00 [0033.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.858] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xe00, lpOverlapped=0x0) returned 1 [0033.859] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.859] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xe00, lpOverlapped=0x0) returned 1 [0033.859] CloseHandle (hObject=0x4c) returned 1 [0033.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e5f28 [0033.860] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms.adv")) returned 1 [0033.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.860] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bce65c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce4e50, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x13d, cFileName="eb282ead62b4db87.automaticDestinations-ms", cAlternateFileName="EB282E~1.AUT")) returned 0 [0033.860] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.860] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2f15ff0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2f15ff0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2f15ff0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x139a, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="B49PI.lnk", cAlternateFileName="")) returned 1 [0033.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B49PI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b49pi.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.861] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x139a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x139a, lpOverlapped=0x0) returned 1 [0033.861] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.861] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x139a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x139a, lpOverlapped=0x0) returned 1 [0033.862] CloseHandle (hObject=0x48) returned 1 [0033.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.862] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B49PI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b49pi.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\B49PI.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\b49pi.lnk.adv")) returned 1 [0033.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.863] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa25b6950, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3df6970, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3df6970, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1321, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="BD_TgCx_a.lnk", cAlternateFileName="BD_TGC~1.LNK")) returned 1 [0033.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.863] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BD_TgCx_a.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bd_tgcx_a.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.863] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1321, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1321, lpOverlapped=0x0) returned 1 [0033.864] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.864] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1321, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1321, lpOverlapped=0x0) returned 1 [0033.864] CloseHandle (hObject=0x48) returned 1 [0033.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.864] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BD_TgCx_a.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bd_tgcx_a.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BD_TgCx_a.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bd_tgcx_a.lnk.adv")) returned 1 [0033.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.865] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2e317b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2e317b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2e317b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x266, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="bf09y9euTXNuFxBCG.lnk", cAlternateFileName="BF09Y9~1.LNK")) returned 1 [0033.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bf09y9euTXNuFxBCG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bf09y9eutxnufxbcg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.865] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x266, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x266, lpOverlapped=0x0) returned 1 [0033.866] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.866] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x266, lpOverlapped=0x0) returned 1 [0033.866] CloseHandle (hObject=0x48) returned 1 [0033.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.866] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bf09y9euTXNuFxBCG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bf09y9eutxnufxbcg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bf09y9euTXNuFxBCG.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bf09y9eutxnufxbcg.lnk.adv")) returned 1 [0033.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.867] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa319d750, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa319d750, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa319d750, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3f2, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="bn K8USjM2.lnk", cAlternateFileName="BNK8US~1.LNK")) returned 1 [0033.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bn K8USjM2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bn k8usjm2.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.867] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3f2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3f2, lpOverlapped=0x0) returned 1 [0033.868] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.868] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3f2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3f2, lpOverlapped=0x0) returned 1 [0033.868] CloseHandle (hObject=0x48) returned 1 [0033.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.868] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bn K8USjM2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bn k8usjm2.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bn K8USjM2.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bn k8usjm2.lnk.adv")) returned 1 [0033.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.869] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3046af0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa38e7ab0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa38e7ab0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xdd2, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="bSDa3p.lnk", cAlternateFileName="")) returned 1 [0033.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bSDa3p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bsda3p.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.870] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xdd2, lpOverlapped=0x0) returned 1 [0033.871] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.871] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xdd2, lpOverlapped=0x0) returned 1 [0033.871] CloseHandle (hObject=0x48) returned 1 [0033.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.871] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bSDa3p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bsda3p.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bSDa3p.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bsda3p.lnk.adv")) returned 1 [0033.873] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.873] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.873] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2a533f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c07790, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c07790, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x199e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="byYnvg0qRC6EmKjMZ.lnk", cAlternateFileName="BYYNVG~1.LNK")) returned 1 [0033.873] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.873] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.873] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\byYnvg0qRC6EmKjMZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\byynvg0qrc6emkjmz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.873] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x199e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x199e, lpOverlapped=0x0) returned 1 [0033.874] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.874] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x199e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x199e, lpOverlapped=0x0) returned 1 [0033.874] CloseHandle (hObject=0x48) returned 1 [0033.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.874] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\byYnvg0qRC6EmKjMZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\byynvg0qrc6emkjmz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\byYnvg0qRC6EmKjMZ.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\byynvg0qrc6emkjmz.lnk.adv")) returned 1 [0033.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.875] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3d38290, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3d38290, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3d38290, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x142a, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="cQ_2Rzr.lnk", cAlternateFileName="")) returned 1 [0033.875] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.875] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cQ_2Rzr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cq_2rzr.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.875] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x142a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x142a, lpOverlapped=0x0) returned 1 [0033.876] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.876] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x142a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x142a, lpOverlapped=0x0) returned 1 [0033.878] CloseHandle (hObject=0x48) returned 1 [0033.879] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.879] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cQ_2Rzr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cq_2rzr.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cQ_2Rzr.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cq_2rzr.lnk.adv")) returned 1 [0033.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.880] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa384f530, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa384f530, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa384f530, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xee4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="crDXzNcZVF 7.flv.lnk", cAlternateFileName="CRDXZN~1.LNK")) returned 1 [0033.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\crDXzNcZVF 7.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\crdxznczvf 7.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.880] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xee4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xee4, lpOverlapped=0x0) returned 1 [0033.881] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.881] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xee4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xee4, lpOverlapped=0x0) returned 1 [0033.881] CloseHandle (hObject=0x48) returned 1 [0033.881] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.881] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\crDXzNcZVF 7.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\crdxznczvf 7.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\crDXzNcZVF 7.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\crdxznczvf 7.flv.lnk.adv")) returned 1 [0033.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.882] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xce5f0760, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0033.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.882] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xce5f0760, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13c, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0033.883] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xce5f0760, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13c, cFileName="..", cAlternateFileName="")) returned 1 [0033.883] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc975e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x13c, cFileName="1b4dd67f29cb1962.customDestinations-ms", cAlternateFileName="1B4DD6~1.CUS")) returned 1 [0033.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5e00 [0033.883] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.884] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0033.884] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.884] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0033.885] CloseHandle (hObject=0x4c) returned 1 [0033.885] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e5f28 [0033.885] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.adv")) returned 1 [0033.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.886] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22bfd60, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0xcbe116e0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xcbe116e0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x13c, cFileName="590aee7bdd69b59b.customDestinations-ms", cAlternateFileName="590AEE~1.CUS")) returned 1 [0033.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5e00 [0033.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.887] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f68, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1f68, lpOverlapped=0x0) returned 1 [0033.888] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.888] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f68, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1f68, lpOverlapped=0x0) returned 1 [0033.888] CloseHandle (hObject=0x4c) returned 1 [0033.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e5f28 [0033.888] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms.adv")) returned 1 [0033.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.889] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2da822a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2daa8400, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x43a3, dwReserved0=0x0, dwReserved1=0x13c, cFileName="5afe4de1b92fc382.customDestinations-ms", cAlternateFileName="5AFE4D~1.CUS")) returned 1 [0033.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5e00 [0033.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.890] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43a3, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x43a3, lpOverlapped=0x0) returned 1 [0033.892] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.892] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43a3, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x43a3, lpOverlapped=0x0) returned 1 [0033.892] CloseHandle (hObject=0x4c) returned 1 [0033.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e5f28 [0033.892] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.adv")) returned 1 [0033.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.893] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17d4, dwReserved0=0x0, dwReserved1=0x13c, cFileName="5d696d521de238c3.customDestinations-ms", cAlternateFileName="5D696D~1.CUS")) returned 1 [0033.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5e00 [0033.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.894] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17d4, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x17d4, lpOverlapped=0x0) returned 1 [0033.895] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.895] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17d4, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x17d4, lpOverlapped=0x0) returned 1 [0033.895] CloseHandle (hObject=0x4c) returned 1 [0033.895] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e5f28 [0033.895] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms.adv")) returned 1 [0033.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.896] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc975e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x13c, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 1 [0033.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5e00 [0033.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.897] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0033.898] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.898] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0033.898] CloseHandle (hObject=0x4c) returned 1 [0033.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e5f28 [0033.898] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.adv")) returned 1 [0033.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.899] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cb126c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5ddd1400, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5ddd1400, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x23ff, dwReserved0=0x0, dwReserved1=0x13c, cFileName="be71009ff8bb02a2.customDestinations-ms", cAlternateFileName="BE7100~1.CUS")) returned 1 [0033.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5e00 [0033.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.901] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23ff, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x23ff, lpOverlapped=0x0) returned 1 [0033.902] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.902] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23ff, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x23ff, lpOverlapped=0x0) returned 1 [0033.902] CloseHandle (hObject=0x4c) returned 1 [0033.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e5f28 [0033.902] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms.adv")) returned 1 [0033.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.903] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a388960, ftCreationTime.dwHighDateTime=0x1d42023, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xce5f0760, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x13c, cFileName="d93f411851d7c929.customDestinations-ms", cAlternateFileName="D93F41~1.CUS")) returned 1 [0033.903] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5d38 [0033.904] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d38 | out: hHeap=0x6d0000) returned 1 [0033.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0033.905] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f68, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1f68, lpOverlapped=0x0) returned 1 [0033.906] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.906] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f68, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1f68, lpOverlapped=0x0) returned 1 [0033.907] CloseHandle (hObject=0x4c) returned 1 [0033.907] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms.adv")) returned 1 [0033.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f28 | out: hHeap=0x6d0000) returned 1 [0033.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e00 | out: hHeap=0x6d0000) returned 1 [0033.908] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a388960, ftCreationTime.dwHighDateTime=0x1d42023, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xce5f0760, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x13c, cFileName="d93f411851d7c929.customDestinations-ms", cAlternateFileName="D93F41~1.CUS")) returned 0 [0033.908] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0033.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.908] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3c2d8f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c2d8f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c2d8f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xece, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="cuWwcipJDC.flv.lnk", cAlternateFileName="CUWWCI~1.LNK")) returned 1 [0033.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cuWwcipJDC.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cuwwcipjdc.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.908] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xece, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xece, lpOverlapped=0x0) returned 1 [0033.909] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.909] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xece, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xece, lpOverlapped=0x0) returned 1 [0033.909] CloseHandle (hObject=0x48) returned 1 [0033.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.909] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cuWwcipJDC.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cuwwcipjdc.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cuWwcipJDC.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cuwwcipjdc.flv.lnk.adv")) returned 1 [0033.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.910] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3d84550, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3d84550, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3d84550, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xed0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="CWqoguhnj.flv.lnk", cAlternateFileName="CWQOGU~1.LNK")) returned 1 [0033.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CWqoguhnj.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cwqoguhnj.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.910] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xed0, lpOverlapped=0x0) returned 1 [0033.911] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.911] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xed0, lpOverlapped=0x0) returned 1 [0033.911] CloseHandle (hObject=0x48) returned 1 [0033.911] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.911] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CWqoguhnj.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cwqoguhnj.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CWqoguhnj.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cwqoguhnj.flv.lnk.adv")) returned 1 [0033.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.912] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa30df070, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa30df070, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa30df070, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x20e2, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="cx40w93hccJ.lnk", cAlternateFileName="CX40W9~1.LNK")) returned 1 [0033.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cx40w93hccJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cx40w93hccj.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.912] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20e2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x20e2, lpOverlapped=0x0) returned 1 [0033.913] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.913] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20e2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x20e2, lpOverlapped=0x0) returned 1 [0033.913] CloseHandle (hObject=0x48) returned 1 [0033.913] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.913] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cx40w93hccJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cx40w93hccj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cx40w93hccJ.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cx40w93hccj.lnk.adv")) returned 1 [0033.914] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.914] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.914] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b6f210, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3b6f210, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3b6f210, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa58, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="CXYyDJQbX2YsY.lnk", cAlternateFileName="CXYYDJ~1.LNK")) returned 1 [0033.914] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.914] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.914] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.914] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CXYyDJQbX2YsY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cxyydjqbx2ysy.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.915] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa58, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa58, lpOverlapped=0x0) returned 1 [0033.915] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.915] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa58, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa58, lpOverlapped=0x0) returned 1 [0033.915] CloseHandle (hObject=0x48) returned 1 [0033.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.916] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CXYyDJQbX2YsY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cxyydjqbx2ysy.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CXYyDJQbX2YsY.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cxyydjqbx2ysy.lnk.adv")) returned 1 [0033.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.916] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa24f8270, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3edb1b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3edb1b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x99f, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="d8GGA_dwTlP.lnk", cAlternateFileName="D8GGA_~1.LNK")) returned 1 [0033.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.917] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.917] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\d8GGA_dwTlP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\d8gga_dwtlp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.917] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x99f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x99f, lpOverlapped=0x0) returned 1 [0033.918] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.918] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x99f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x99f, lpOverlapped=0x0) returned 1 [0033.918] CloseHandle (hObject=0x48) returned 1 [0033.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.918] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\d8GGA_dwTlP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\d8gga_dwtlp.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\d8GGA_dwTlP.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\d8gga_dwtlp.lnk.adv")) returned 1 [0033.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.919] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3c53a50, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c53a50, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c79bb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe95, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="DcbX75d63p.lnk", cAlternateFileName="DCBX75~1.LNK")) returned 1 [0033.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.920] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DcbX75d63p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dcbx75d63p.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.920] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe95, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe95, lpOverlapped=0x0) returned 1 [0033.921] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.921] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe95, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe95, lpOverlapped=0x0) returned 1 [0033.921] CloseHandle (hObject=0x48) returned 1 [0033.921] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.921] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DcbX75d63p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dcbx75d63p.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DcbX75d63p.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dcbx75d63p.lnk.adv")) returned 1 [0033.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.922] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0033.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.922] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1b0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1b0, lpOverlapped=0x0) returned 1 [0033.923] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.923] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1b0, lpOverlapped=0x0) returned 1 [0033.923] CloseHandle (hObject=0x48) returned 1 [0033.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.923] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini.adv")) returned 1 [0033.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.924] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2948a50, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2948a50, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2948a50, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="DkNM Gj.lnk", cAlternateFileName="DKNMGJ~1.LNK")) returned 1 [0033.924] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.924] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.924] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DkNM Gj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dknm gj.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.924] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3e3, lpOverlapped=0x0) returned 1 [0033.925] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.925] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3e3, lpOverlapped=0x0) returned 1 [0033.925] CloseHandle (hObject=0x48) returned 1 [0033.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.925] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DkNM Gj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dknm gj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DkNM Gj.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dknm gj.lnk.adv")) returned 1 [0033.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.926] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa270d5b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa270d5b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa270d5b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x270, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="duder3TLri0JoHeS4GU.lnk", cAlternateFileName="DUDER3~1.LNK")) returned 1 [0033.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\duder3TLri0JoHeS4GU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\duder3tlri0johes4gu.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.926] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x270, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x270, lpOverlapped=0x0) returned 1 [0033.927] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.927] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x270, lpOverlapped=0x0) returned 1 [0033.927] CloseHandle (hObject=0x48) returned 1 [0033.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.927] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\duder3TLri0JoHeS4GU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\duder3tlri0johes4gu.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\duder3TLri0JoHeS4GU.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\duder3tlri0johes4gu.lnk.adv")) returned 1 [0033.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.928] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa34972d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa34972d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa34bd430, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf98, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Dz6qG0bGda.lnk", cAlternateFileName="DZ6QG0~1.LNK")) returned 1 [0033.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dz6qG0bGda.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dz6qg0bgda.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.929] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf98, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf98, lpOverlapped=0x0) returned 1 [0033.929] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.929] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf98, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf98, lpOverlapped=0x0) returned 1 [0033.930] CloseHandle (hObject=0x48) returned 1 [0033.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.930] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dz6qG0bGda.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dz6qg0bgda.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Dz6qG0bGda.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dz6qg0bgda.lnk.adv")) returned 1 [0033.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.931] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa40a4230, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa40a4230, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40a4230, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xea1, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="EbH015QEPzwk0mPpgyu.mkv.lnk", cAlternateFileName="EBH015~1.LNK")) returned 1 [0033.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EbH015QEPzwk0mPpgyu.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ebh015qepzwk0mppgyu.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.931] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xea1, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xea1, lpOverlapped=0x0) returned 1 [0033.932] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.932] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xea1, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xea1, lpOverlapped=0x0) returned 1 [0033.932] CloseHandle (hObject=0x48) returned 1 [0033.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.932] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EbH015QEPzwk0mPpgyu.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ebh015qepzwk0mppgyu.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EbH015QEPzwk0mPpgyu.mkv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ebh015qepzwk0mppgyu.mkv.lnk.adv")) returned 1 [0033.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.933] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3d12130, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3d12130, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3d12130, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf6f, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="eJ43YMM.lnk", cAlternateFileName="")) returned 1 [0033.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eJ43YMM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ej43ymm.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.934] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf6f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf6f, lpOverlapped=0x0) returned 1 [0033.934] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.934] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf6f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf6f, lpOverlapped=0x0) returned 1 [0033.934] CloseHandle (hObject=0x48) returned 1 [0033.934] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.935] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eJ43YMM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ej43ymm.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eJ43YMM.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ej43ymm.lnk.adv")) returned 1 [0033.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.935] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1f2acd0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa407e0d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa407e0d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe1d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Euaeq.lnk", cAlternateFileName="")) returned 1 [0033.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Euaeq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\euaeq.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.936] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe1d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe1d, lpOverlapped=0x0) returned 1 [0033.937] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.937] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe1d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe1d, lpOverlapped=0x0) returned 1 [0033.937] CloseHandle (hObject=0x48) returned 1 [0033.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.937] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Euaeq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\euaeq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Euaeq.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\euaeq.lnk.adv")) returned 1 [0033.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.938] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3be1630, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3be1630, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3be1630, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="eZfj.lnk", cAlternateFileName="")) returned 1 [0033.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eZfj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ezfj.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.938] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3d0, lpOverlapped=0x0) returned 1 [0033.939] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.939] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3d0, lpOverlapped=0x0) returned 1 [0033.939] CloseHandle (hObject=0x48) returned 1 [0033.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.940] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eZfj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ezfj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eZfj.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ezfj.lnk.adv")) returned 1 [0033.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.941] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa31c38b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa31c38b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa31c38b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x228, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="F1X Y.lnk", cAlternateFileName="F1XY~1.LNK")) returned 1 [0033.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F1X Y.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f1x y.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.941] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x228, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x228, lpOverlapped=0x0) returned 1 [0033.942] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.942] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x228, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x228, lpOverlapped=0x0) returned 1 [0033.942] CloseHandle (hObject=0x48) returned 1 [0033.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.942] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F1X Y.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f1x y.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F1X Y.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f1x y.lnk.adv")) returned 1 [0033.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.943] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3dd0810, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3dd0810, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3dd0810, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x34d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="f2dTHxoDqfKD6X56WC7.lnk", cAlternateFileName="F2DTHX~1.LNK")) returned 1 [0033.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\f2dTHxoDqfKD6X56WC7.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f2dthxodqfkd6x56wc7.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.943] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x34d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x34d, lpOverlapped=0x0) returned 1 [0033.944] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.944] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x34d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x34d, lpOverlapped=0x0) returned 1 [0033.944] CloseHandle (hObject=0x48) returned 1 [0033.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.944] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\f2dTHxoDqfKD6X56WC7.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f2dthxodqfkd6x56wc7.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\f2dTHxoDqfKD6X56WC7.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f2dthxodqfkd6x56wc7.lnk.adv")) returned 1 [0033.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.945] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa33b2a90, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa33b2a90, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa33d8bf0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1492, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="FHSxYGZAJTvUMW.lnk", cAlternateFileName="FHSXYG~1.LNK")) returned 1 [0033.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHSxYGZAJTvUMW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fhsxygzajtvumw.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.945] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1492, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1492, lpOverlapped=0x0) returned 1 [0033.946] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.946] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1492, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1492, lpOverlapped=0x0) returned 1 [0033.946] CloseHandle (hObject=0x48) returned 1 [0033.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.946] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHSxYGZAJTvUMW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fhsxygzajtvumw.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FHSxYGZAJTvUMW.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fhsxygzajtvumw.lnk.adv")) returned 1 [0033.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.947] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa33fed50, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa33fed50, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa33fed50, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf40, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Fvh7hhUByd-yvv0OF.lnk", cAlternateFileName="FVH7HH~1.LNK")) returned 1 [0033.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Fvh7hhUByd-yvv0OF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fvh7hhubyd-yvv0of.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.948] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf40, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf40, lpOverlapped=0x0) returned 1 [0033.948] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.948] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf40, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf40, lpOverlapped=0x0) returned 1 [0033.949] CloseHandle (hObject=0x48) returned 1 [0033.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.949] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Fvh7hhUByd-yvv0OF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fvh7hhubyd-yvv0of.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Fvh7hhUByd-yvv0OF.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fvh7hhubyd-yvv0of.lnk.adv")) returned 1 [0033.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.950] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa23c7770, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3e68d90, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3e68d90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x997, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="FYIux_9TwjN25.lnk", cAlternateFileName="FYIUX_~1.LNK")) returned 1 [0033.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FYIux_9TwjN25.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fyiux_9twjn25.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.950] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x997, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x997, lpOverlapped=0x0) returned 1 [0033.951] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.951] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x997, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x997, lpOverlapped=0x0) returned 1 [0033.951] CloseHandle (hObject=0x48) returned 1 [0033.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.951] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FYIux_9TwjN25.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fyiux_9twjn25.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FYIux_9TwjN25.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fyiux_9twjn25.lnk.adv")) returned 1 [0033.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.952] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa389b7f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa389b7f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa389b7f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa37, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="FZU1hM-6Oi.lnk", cAlternateFileName="FZU1HM~1.LNK")) returned 1 [0033.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FZU1hM-6Oi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fzu1hm-6oi.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.952] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa37, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa37, lpOverlapped=0x0) returned 1 [0033.953] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.953] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa37, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa37, lpOverlapped=0x0) returned 1 [0033.953] CloseHandle (hObject=0x48) returned 1 [0033.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.953] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FZU1hM-6Oi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fzu1hm-6oi.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FZU1hM-6Oi.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fzu1hm-6oi.lnk.adv")) returned 1 [0033.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.954] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa32ce250, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa32ce250, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa32ce250, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1405, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ghwBu.lnk", cAlternateFileName="")) returned 1 [0033.954] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.954] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ghwBu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ghwbu.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.954] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1405, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1405, lpOverlapped=0x0) returned 1 [0033.955] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.955] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1405, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1405, lpOverlapped=0x0) returned 1 [0033.955] CloseHandle (hObject=0x48) returned 1 [0033.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.955] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ghwBu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ghwbu.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ghwBu.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ghwbu.lnk.adv")) returned 1 [0033.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.956] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2e317b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2e317b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2e317b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x415, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ghXQE5VKi9UTmTwgh.lnk", cAlternateFileName="GHXQE5~1.LNK")) returned 1 [0033.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ghXQE5VKi9UTmTwgh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ghxqe5vki9utmtwgh.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.956] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x415, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x415, lpOverlapped=0x0) returned 1 [0033.957] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.957] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x415, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x415, lpOverlapped=0x0) returned 1 [0033.957] CloseHandle (hObject=0x48) returned 1 [0033.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.957] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ghXQE5VKi9UTmTwgh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ghxqe5vki9utmtwgh.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ghXQE5VKi9UTmTwgh.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ghxqe5vki9utmtwgh.lnk.adv")) returned 1 [0033.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.958] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa28d6630, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa28d6630, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa28d6630, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x406, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="GI0Fotbp3 6_Et.mkv.lnk", cAlternateFileName="GI0FOT~1.LNK")) returned 1 [0033.958] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.958] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GI0Fotbp3 6_Et.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gi0fotbp3 6_et.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.959] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x406, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x406, lpOverlapped=0x0) returned 1 [0033.960] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.960] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x406, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x406, lpOverlapped=0x0) returned 1 [0033.960] CloseHandle (hObject=0x48) returned 1 [0033.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.960] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GI0Fotbp3 6_Et.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gi0fotbp3 6_et.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GI0Fotbp3 6_Et.mkv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gi0fotbp3 6_et.mkv.lnk.adv")) returned 1 [0033.961] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.961] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.961] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2cdab50, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa40a4230, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40a4230, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x93b, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="GIIea.lnk", cAlternateFileName="")) returned 1 [0033.961] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.961] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.961] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GIIea.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\giiea.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.961] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x93b, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x93b, lpOverlapped=0x0) returned 1 [0033.962] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.962] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x93b, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x93b, lpOverlapped=0x0) returned 1 [0033.962] CloseHandle (hObject=0x48) returned 1 [0033.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.962] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GIIea.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\giiea.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GIIea.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\giiea.lnk.adv")) returned 1 [0033.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa32ce250, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa32ce250, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa32ce250, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf39, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="gqHP19JfjzkVUQkf.lnk", cAlternateFileName="GQHP19~1.LNK")) returned 1 [0033.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gqHP19JfjzkVUQkf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gqhp19jfjzkvuqkf.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.963] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf39, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf39, lpOverlapped=0x0) returned 1 [0033.964] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.965] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf39, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf39, lpOverlapped=0x0) returned 1 [0033.965] CloseHandle (hObject=0x48) returned 1 [0033.965] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.965] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gqHP19JfjzkVUQkf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gqhp19jfjzkvuqkf.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gqHP19JfjzkVUQkf.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gqhp19jfjzkvuqkf.lnk.adv")) returned 1 [0033.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.966] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa29228f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa29228f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa29228f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa21, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="GxKCryVZm.lnk", cAlternateFileName="GXKCRY~1.LNK")) returned 1 [0033.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GxKCryVZm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gxkcryvzm.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.966] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa21, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa21, lpOverlapped=0x0) returned 1 [0033.967] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.967] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa21, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa21, lpOverlapped=0x0) returned 1 [0033.967] CloseHandle (hObject=0x48) returned 1 [0033.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.967] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GxKCryVZm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gxkcryvzm.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GxKCryVZm.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\gxkcryvzm.lnk.adv")) returned 1 [0033.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.968] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3424eb0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3424eb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3424eb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa37, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="H6NUqWoupg.lnk", cAlternateFileName="H6NUQW~1.LNK")) returned 1 [0033.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H6NUqWoupg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h6nuqwoupg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.968] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa37, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa37, lpOverlapped=0x0) returned 1 [0033.969] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.969] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa37, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa37, lpOverlapped=0x0) returned 1 [0033.969] CloseHandle (hObject=0x48) returned 1 [0033.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.969] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H6NUqWoupg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h6nuqwoupg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H6NUqWoupg.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h6nuqwoupg.lnk.adv")) returned 1 [0033.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.970] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3660350, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3dd0810, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3dd0810, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x227, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="H92slFF.lnk", cAlternateFileName="")) returned 1 [0033.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H92slFF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h92slff.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.970] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x227, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x227, lpOverlapped=0x0) returned 1 [0033.971] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.971] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x227, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x227, lpOverlapped=0x0) returned 1 [0033.971] CloseHandle (hObject=0x48) returned 1 [0033.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.971] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H92slFF.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h92slff.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H92slFF.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h92slff.lnk.adv")) returned 1 [0033.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.972] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2f3c150, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2f3c150, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2f3c150, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1a05, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="hfLs9h.lnk", cAlternateFileName="")) returned 1 [0033.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hfLs9h.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hfls9h.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.972] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a05, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1a05, lpOverlapped=0x0) returned 1 [0033.973] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.973] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a05, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1a05, lpOverlapped=0x0) returned 1 [0033.973] CloseHandle (hObject=0x48) returned 1 [0033.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.973] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hfLs9h.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hfls9h.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hfLs9h.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hfls9h.lnk.adv")) returned 1 [0033.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.974] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3a185b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3a185b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3a185b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1393, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="hGrm.lnk", cAlternateFileName="")) returned 1 [0033.974] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.974] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hGrm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hgrm.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.975] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1393, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1393, lpOverlapped=0x0) returned 1 [0033.975] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.975] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1393, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1393, lpOverlapped=0x0) returned 1 [0033.975] CloseHandle (hObject=0x48) returned 1 [0033.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.976] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hGrm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hgrm.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hGrm.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hgrm.lnk.adv")) returned 1 [0033.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.976] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa32a80f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c53a50, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c53a50, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1323, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="HW5Jo-7fn.lnk", cAlternateFileName="HW5JO-~1.LNK")) returned 1 [0033.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HW5Jo-7fn.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hw5jo-7fn.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.977] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1323, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1323, lpOverlapped=0x0) returned 1 [0033.977] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.977] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1323, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1323, lpOverlapped=0x0) returned 1 [0033.977] CloseHandle (hObject=0x48) returned 1 [0033.978] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.978] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HW5Jo-7fn.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hw5jo-7fn.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HW5Jo-7fn.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hw5jo-7fn.lnk.adv")) returned 1 [0033.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.979] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3a64870, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3a64870, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3a64870, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x19b7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="HzOnMSApqoHr8e5X2J.lnk", cAlternateFileName="HZONMS~1.LNK")) returned 1 [0033.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HzOnMSApqoHr8e5X2J.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hzonmsapqohr8e5x2j.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.979] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19b7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x19b7, lpOverlapped=0x0) returned 1 [0033.980] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.980] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19b7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x19b7, lpOverlapped=0x0) returned 1 [0033.980] CloseHandle (hObject=0x48) returned 1 [0033.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.980] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HzOnMSApqoHr8e5X2J.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hzonmsapqohr8e5x2j.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HzOnMSApqoHr8e5X2J.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hzonmsapqohr8e5x2j.lnk.adv")) returned 1 [0033.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.981] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa33d8bf0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa33d8bf0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa33d8bf0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="i-eH QgphqkG.lnk", cAlternateFileName="I-EHQG~1.LNK")) returned 1 [0033.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i-eH QgphqkG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i-eh qgphqkg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.982] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fc, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3fc, lpOverlapped=0x0) returned 1 [0033.982] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.982] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3fc, lpOverlapped=0x0) returned 1 [0033.985] CloseHandle (hObject=0x48) returned 1 [0033.985] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.985] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i-eH QgphqkG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i-eh qgphqkg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i-eH QgphqkG.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i-eh qgphqkg.lnk.adv")) returned 1 [0033.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.986] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3bbb4d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3bbb4d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3bbb4d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x41f, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="i-t7S8dNyuaF8hazm8d.lnk", cAlternateFileName="I-T7S8~1.LNK")) returned 1 [0033.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i-t7S8dNyuaF8hazm8d.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i-t7s8dnyuaf8hazm8d.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.986] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x41f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x41f, lpOverlapped=0x0) returned 1 [0033.987] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.987] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x41f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x41f, lpOverlapped=0x0) returned 1 [0033.987] CloseHandle (hObject=0x48) returned 1 [0033.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.987] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i-t7S8dNyuaF8hazm8d.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i-t7s8dnyuaf8hazm8d.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\i-t7S8dNyuaF8hazm8d.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\i-t7s8dnyuaf8hazm8d.lnk.adv")) returned 1 [0033.988] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.988] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.988] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa371ea30, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa371ea30, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa371ea30, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x20a4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="iFoJbq.lnk", cAlternateFileName="")) returned 1 [0033.988] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.988] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.988] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iFoJbq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ifojbq.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.988] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20a4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x20a4, lpOverlapped=0x0) returned 1 [0033.989] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.989] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20a4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x20a4, lpOverlapped=0x0) returned 1 [0033.989] CloseHandle (hObject=0x48) returned 1 [0033.989] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.989] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iFoJbq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ifojbq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iFoJbq.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ifojbq.lnk.adv")) returned 1 [0033.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.990] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3c07790, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c07790, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c07790, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x2091, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Iy6er.lnk", cAlternateFileName="")) returned 1 [0033.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Iy6er.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iy6er.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.990] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2091, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2091, lpOverlapped=0x0) returned 1 [0033.991] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.991] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2091, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2091, lpOverlapped=0x0) returned 1 [0033.991] CloseHandle (hObject=0x48) returned 1 [0033.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.991] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Iy6er.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iy6er.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Iy6er.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iy6er.lnk.adv")) returned 1 [0033.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.992] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3a8a9d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3a8a9d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3a8a9d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="J ru.lnk", cAlternateFileName="JRU~1.LNK")) returned 1 [0033.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J ru.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\j ru.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.993] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2fe, lpOverlapped=0x0) returned 1 [0033.993] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.993] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2fe, lpOverlapped=0x0) returned 1 [0033.993] CloseHandle (hObject=0x48) returned 1 [0033.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0033.993] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J ru.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\j ru.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\J ru.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\j ru.lnk.adv")) returned 1 [0033.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.994] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa390dc10, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa390dc10, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa390dc10, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf26, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="j8vm_EMAn kKNoqFCe.flv.lnk", cAlternateFileName="J8VM_E~1.LNK")) returned 1 [0033.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j8vm_EMAn kKNoqFCe.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\j8vm_eman kknoqfce.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.995] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf26, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf26, lpOverlapped=0x0) returned 1 [0033.996] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.996] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf26, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf26, lpOverlapped=0x0) returned 1 [0033.996] CloseHandle (hObject=0x48) returned 1 [0033.996] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0033.996] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j8vm_EMAn kKNoqFCe.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\j8vm_eman kknoqfce.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j8vm_EMAn kKNoqFCe.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\j8vm_eman kknoqfce.flv.lnk.adv")) returned 1 [0033.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0033.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0033.997] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3a64870, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3a64870, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3a64870, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3dc, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="JiLw9_.flv.lnk", cAlternateFileName="JILW9_~1.LNK")) returned 1 [0033.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0033.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0033.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0033.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JiLw9_.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jilw9_.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0033.997] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3dc, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3dc, lpOverlapped=0x0) returned 1 [0033.998] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0033.998] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3dc, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3dc, lpOverlapped=0x0) returned 1 [0033.998] CloseHandle (hObject=0x48) returned 1 [0033.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0033.998] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JiLw9_.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jilw9_.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JiLw9_.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jilw9_.flv.lnk.adv")) returned 1 [0034.001] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa35a1c70, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa35a1c70, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa35a1c70, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3ed, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="jiwVxqQtj.lnk", cAlternateFileName="JIWVXQ~1.LNK")) returned 1 [0034.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jiwVxqQtj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jiwvxqqtj.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.001] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3ed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3ed, lpOverlapped=0x0) returned 1 [0034.002] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.002] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3ed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3ed, lpOverlapped=0x0) returned 1 [0034.002] CloseHandle (hObject=0x48) returned 1 [0034.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.002] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jiwVxqQtj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jiwvxqqtj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jiwVxqQtj.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jiwvxqqtj.lnk.adv")) returned 1 [0034.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.003] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b490b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3b490b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3b490b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x415, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="jrHovbdUUedPxgPAV.mkv.lnk", cAlternateFileName="JRHOVB~1.LNK")) returned 1 [0034.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jrHovbdUUedPxgPAV.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jrhovbduuedpxgpav.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.003] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x415, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x415, lpOverlapped=0x0) returned 1 [0034.004] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.004] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x415, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x415, lpOverlapped=0x0) returned 1 [0034.004] CloseHandle (hObject=0x48) returned 1 [0034.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.004] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jrHovbdUUedPxgPAV.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jrhovbduuedpxgpav.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jrHovbdUUedPxgPAV.mkv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jrhovbduuedpxgpav.mkv.lnk.adv")) returned 1 [0034.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.005] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2602c10, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa4031e10, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa4031e10, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="jVPrYs_W4-lQAk.lnk", cAlternateFileName="JVPRYS~1.LNK")) returned 1 [0034.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jVPrYs_W4-lQAk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jvprys_w4-lqak.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.006] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9a2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x9a2, lpOverlapped=0x0) returned 1 [0034.006] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.006] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9a2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x9a2, lpOverlapped=0x0) returned 1 [0034.006] CloseHandle (hObject=0x48) returned 1 [0034.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.006] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jVPrYs_W4-lQAk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jvprys_w4-lqak.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jVPrYs_W4-lQAk.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jvprys_w4-lqak.lnk.adv")) returned 1 [0034.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.007] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3c79bb0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c79bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c79bb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x243, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="j_MolIFhIt.lnk", cAlternateFileName="J_MOLI~1.LNK")) returned 1 [0034.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j_MolIFhIt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\j_molifhit.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.008] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x243, lpOverlapped=0x0) returned 1 [0034.008] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.008] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x243, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x243, lpOverlapped=0x0) returned 1 [0034.009] CloseHandle (hObject=0x48) returned 1 [0034.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.009] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j_MolIFhIt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\j_molifhit.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j_MolIFhIt.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\j_molifhit.lnk.adv")) returned 1 [0034.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.010] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4031e10, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa4031e10, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa4031e10, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x148d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="k3b6sKlJTZ_X_gu59.lnk", cAlternateFileName="K3B6SK~1.LNK")) returned 1 [0034.010] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.010] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3b6sKlJTZ_X_gu59.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\k3b6skljtz_x_gu59.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.010] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x148d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x148d, lpOverlapped=0x0) returned 1 [0034.011] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.011] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x148d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x148d, lpOverlapped=0x0) returned 1 [0034.011] CloseHandle (hObject=0x48) returned 1 [0034.011] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.011] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3b6sKlJTZ_X_gu59.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\k3b6skljtz_x_gu59.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3b6sKlJTZ_X_gu59.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\k3b6skljtz_x_gu59.lnk.adv")) returned 1 [0034.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.012] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2f622b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2f622b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2f622b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe66, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="kDDaFDVN.lnk", cAlternateFileName="")) returned 1 [0034.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kDDaFDVN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kddafdvn.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.012] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe66, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe66, lpOverlapped=0x0) returned 1 [0034.013] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.013] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe66, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe66, lpOverlapped=0x0) returned 1 [0034.013] CloseHandle (hObject=0x48) returned 1 [0034.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.013] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kDDaFDVN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kddafdvn.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kDDaFDVN.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kddafdvn.lnk.adv")) returned 1 [0034.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.014] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3a185b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3a185b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3a185b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xef9, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="KEGThK-3QHqC.flv.lnk", cAlternateFileName="KEGTHK~1.LNK")) returned 1 [0034.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KEGThK-3QHqC.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kegthk-3qhqc.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.014] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xef9, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xef9, lpOverlapped=0x0) returned 1 [0034.015] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.015] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xef9, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xef9, lpOverlapped=0x0) returned 1 [0034.015] CloseHandle (hObject=0x48) returned 1 [0034.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.015] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KEGThK-3QHqC.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kegthk-3qhqc.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KEGThK-3QHqC.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kegthk-3qhqc.flv.lnk.adv")) returned 1 [0034.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.016] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4057f70, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa4057f70, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa407e0d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1422, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="kJinKDlK9N15UwFsJ.lnk", cAlternateFileName="KJINKD~1.LNK")) returned 1 [0034.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kJinKDlK9N15UwFsJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kjinkdlk9n15uwfsj.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.017] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1422, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1422, lpOverlapped=0x0) returned 1 [0034.017] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.017] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1422, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1422, lpOverlapped=0x0) returned 1 [0034.017] CloseHandle (hObject=0x48) returned 1 [0034.018] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.018] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kJinKDlK9N15UwFsJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kjinkdlk9n15uwfsj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kJinKDlK9N15UwFsJ.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kjinkdlk9n15uwfsj.lnk.adv")) returned 1 [0034.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.019] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3e42c30, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3e42c30, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3e42c30, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf0d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="L uVwCNS49qZilnhg.lnk", cAlternateFileName="LUVWCN~1.LNK")) returned 1 [0034.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\L uVwCNS49qZilnhg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l uvwcns49qzilnhg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.019] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf0d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf0d, lpOverlapped=0x0) returned 1 [0034.020] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.020] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf0d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf0d, lpOverlapped=0x0) returned 1 [0034.020] CloseHandle (hObject=0x48) returned 1 [0034.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.020] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\L uVwCNS49qZilnhg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l uvwcns49qzilnhg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\L uVwCNS49qZilnhg.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l uvwcns49qzilnhg.lnk.adv")) returned 1 [0034.021] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.021] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.021] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1c7d410, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa4031e10, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa4031e10, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe5a, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="l Wcxjfs2MNdTFS7NC.lnk", cAlternateFileName="LWCXJF~1.LNK")) returned 1 [0034.021] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.021] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.021] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l Wcxjfs2MNdTFS7NC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l wcxjfs2mndtfs7nc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.021] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe5a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe5a, lpOverlapped=0x0) returned 1 [0034.022] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.022] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe5a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe5a, lpOverlapped=0x0) returned 1 [0034.022] CloseHandle (hObject=0x48) returned 1 [0034.022] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.022] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l Wcxjfs2MNdTFS7NC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l wcxjfs2mndtfs7nc.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l Wcxjfs2MNdTFS7NC.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l wcxjfs2mndtfs7nc.lnk.adv")) returned 1 [0034.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.023] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa312b330, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa312b330, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa312b330, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xeb1, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="l4it.lnk", cAlternateFileName="")) returned 1 [0034.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.023] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l4it.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l4it.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.023] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xeb1, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xeb1, lpOverlapped=0x0) returned 1 [0034.024] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.024] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xeb1, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xeb1, lpOverlapped=0x0) returned 1 [0034.024] CloseHandle (hObject=0x48) returned 1 [0034.024] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.024] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l4it.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l4it.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l4it.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l4it.lnk.adv")) returned 1 [0034.025] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.025] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.025] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3c79bb0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c79bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c79bb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3f2, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="l4VrUPJ7uo.mkv.lnk", cAlternateFileName="L4VRUP~1.LNK")) returned 1 [0034.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.025] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l4VrUPJ7uo.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l4vrupj7uo.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.026] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3f2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3f2, lpOverlapped=0x0) returned 1 [0034.027] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.027] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3f2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3f2, lpOverlapped=0x0) returned 1 [0034.027] CloseHandle (hObject=0x48) returned 1 [0034.027] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.027] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l4VrUPJ7uo.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l4vrupj7uo.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\l4VrUPJ7uo.mkv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\l4vrupj7uo.mkv.lnk.adv")) returned 1 [0034.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.028] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3d5e3f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3d5e3f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3d5e3f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa42, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="lBs38SbmwOe.lnk", cAlternateFileName="LBS38S~1.LNK")) returned 1 [0034.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lBs38SbmwOe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lbs38sbmwoe.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.028] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa42, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa42, lpOverlapped=0x0) returned 1 [0034.029] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.029] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa42, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa42, lpOverlapped=0x0) returned 1 [0034.029] CloseHandle (hObject=0x48) returned 1 [0034.029] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.029] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lBs38SbmwOe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lbs38sbmwoe.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lBs38SbmwOe.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lbs38sbmwoe.lnk.adv")) returned 1 [0034.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.030] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3e68d90, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3e68d90, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3e68d90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf56, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="LD_crI0RLfSELe7rlBc.lnk", cAlternateFileName="LD_CRI~1.LNK")) returned 1 [0034.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LD_crI0RLfSELe7rlBc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ld_cri0rlfsele7rlbc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.030] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf56, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf56, lpOverlapped=0x0) returned 1 [0034.031] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.031] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf56, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf56, lpOverlapped=0x0) returned 1 [0034.031] CloseHandle (hObject=0x48) returned 1 [0034.031] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.031] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LD_crI0RLfSELe7rlBc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ld_cri0rlfsele7rlbc.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LD_crI0RLfSELe7rlBc.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ld_cri0rlfsele7rlbc.lnk.adv")) returned 1 [0034.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.032] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3a185b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3a185b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3a185b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x266, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ljkx-q2zNo9LHnf4f.flv.lnk", cAlternateFileName="LJKX-Q~1.LNK")) returned 1 [0034.032] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.032] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ljkx-q2zNo9LHnf4f.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ljkx-q2zno9lhnf4f.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.033] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x266, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x266, lpOverlapped=0x0) returned 1 [0034.033] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.033] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x266, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x266, lpOverlapped=0x0) returned 1 [0034.033] CloseHandle (hObject=0x48) returned 1 [0034.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.034] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ljkx-q2zNo9LHnf4f.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ljkx-q2zno9lhnf4f.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ljkx-q2zNo9LHnf4f.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ljkx-q2zno9lhnf4f.flv.lnk.adv")) returned 1 [0034.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.034] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3875690, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3875690, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3875690, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x9cd, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="lpjQv9AHl.flv.lnk", cAlternateFileName="LPJQV9~1.LNK")) returned 1 [0034.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.035] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lpjQv9AHl.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lpjqv9ahl.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.035] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9cd, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x9cd, lpOverlapped=0x0) returned 1 [0034.035] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.036] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9cd, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x9cd, lpOverlapped=0x0) returned 1 [0034.036] CloseHandle (hObject=0x48) returned 1 [0034.036] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.036] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lpjQv9AHl.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lpjqv9ahl.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lpjQv9AHl.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lpjqv9ahl.flv.lnk.adv")) returned 1 [0034.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.037] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22e2f30, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3b6f210, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3b6f210, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x211, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="LrVcZFdlS2CBQvbuJ4TT.lnk", cAlternateFileName="LRVCZF~1.LNK")) returned 1 [0034.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LrVcZFdlS2CBQvbuJ4TT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lrvczfdls2cbqvbuj4tt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.037] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x211, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x211, lpOverlapped=0x0) returned 1 [0034.038] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.038] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x211, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x211, lpOverlapped=0x0) returned 1 [0034.038] CloseHandle (hObject=0x48) returned 1 [0034.038] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.038] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LrVcZFdlS2CBQvbuJ4TT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lrvczfdls2cbqvbuj4tt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LrVcZFdlS2CBQvbuJ4TT.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lrvczfdls2cbqvbuj4tt.lnk.adv")) returned 1 [0034.039] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.039] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.039] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3092db0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3092db0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3092db0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x243, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="LSqzELB3Et.lnk", cAlternateFileName="LSQZEL~1.LNK")) returned 1 [0034.039] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.039] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.039] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LSqzELB3Et.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lsqzelb3et.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.039] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x243, lpOverlapped=0x0) returned 1 [0034.040] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.040] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x243, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x243, lpOverlapped=0x0) returned 1 [0034.040] CloseHandle (hObject=0x48) returned 1 [0034.040] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.040] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LSqzELB3Et.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lsqzelb3et.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LSqzELB3Et.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lsqzelb3et.lnk.adv")) returned 1 [0034.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.041] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2dbf390, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3cebfd0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3cebfd0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x963, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="luaXVHHwWG.lnk", cAlternateFileName="LUAXVH~1.LNK")) returned 1 [0034.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\luaXVHHwWG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\luaxvhhwwg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.041] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x963, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x963, lpOverlapped=0x0) returned 1 [0034.042] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.042] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x963, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x963, lpOverlapped=0x0) returned 1 [0034.042] CloseHandle (hObject=0x48) returned 1 [0034.043] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.043] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\luaXVHHwWG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\luaxvhhwwg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\luaXVHHwWG.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\luaxvhhwwg.lnk.adv")) returned 1 [0034.043] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.043] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.043] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa407e0d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa407e0d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa407e0d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="m n3Gjz823swFH3R.lnk", cAlternateFileName="MN3GJZ~1.LNK")) returned 1 [0034.043] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m n3Gjz823swFH3R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m n3gjz823swfh3r.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.044] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x410, lpOverlapped=0x0) returned 1 [0034.045] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.045] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x410, lpOverlapped=0x0) returned 1 [0034.045] CloseHandle (hObject=0x48) returned 1 [0034.045] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.045] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m n3Gjz823swFH3R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m n3gjz823swfh3r.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m n3Gjz823swFH3R.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m n3gjz823swfh3r.lnk.adv")) returned 1 [0034.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.046] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2b11ad0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa40ca390, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40ca390, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xdcd, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="M6VQ_.lnk", cAlternateFileName="")) returned 1 [0034.046] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.046] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\M6VQ_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m6vq_.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.046] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdcd, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xdcd, lpOverlapped=0x0) returned 1 [0034.047] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.047] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdcd, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xdcd, lpOverlapped=0x0) returned 1 [0034.047] CloseHandle (hObject=0x48) returned 1 [0034.047] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.047] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\M6VQ_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m6vq_.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\M6VQ_.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\m6vq_.lnk.adv")) returned 1 [0034.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.048] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2cb49f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2cb49f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2cb49f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x19a3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="mBvnyNby_skMvVufS5.lnk", cAlternateFileName="MBVNYN~1.LNK")) returned 1 [0034.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mBvnyNby_skMvVufS5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mbvnynby_skmvvufs5.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.048] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19a3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x19a3, lpOverlapped=0x0) returned 1 [0034.049] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.049] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19a3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x19a3, lpOverlapped=0x0) returned 1 [0034.049] CloseHandle (hObject=0x48) returned 1 [0034.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.049] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mBvnyNby_skMvVufS5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mbvnynby_skmvvufs5.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mBvnyNby_skMvVufS5.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mbvnynby_skmvvufs5.lnk.adv")) returned 1 [0034.050] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.050] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.050] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27f1df0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa27f1df0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa27f1df0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xff7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="mdWEipFNXDBB Mvg6aw.lnk", cAlternateFileName="MDWEIP~1.LNK")) returned 1 [0034.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.050] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mdWEipFNXDBB Mvg6aw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mdweipfnxdbb mvg6aw.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.050] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xff7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xff7, lpOverlapped=0x0) returned 1 [0034.051] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.051] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xff7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xff7, lpOverlapped=0x0) returned 1 [0034.051] CloseHandle (hObject=0x48) returned 1 [0034.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.051] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mdWEipFNXDBB Mvg6aw.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mdweipfnxdbb mvg6aw.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mdWEipFNXDBB Mvg6aw.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mdweipfnxdbb mvg6aw.lnk.adv")) returned 1 [0034.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.052] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa28d6630, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3fe5b50, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3fe5b50, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="My Music.lnk", cAlternateFileName="MYMUSI~1.LNK")) returned 1 [0034.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.052] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.052] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x52a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x52a, lpOverlapped=0x0) returned 1 [0034.053] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.053] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x52a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x52a, lpOverlapped=0x0) returned 1 [0034.053] CloseHandle (hObject=0x48) returned 1 [0034.053] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.053] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk.adv")) returned 1 [0034.054] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.054] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.054] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2759870, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3be1630, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3be1630, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x54f, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="My Pictures.lnk", cAlternateFileName="MYPICT~1.LNK")) returned 1 [0034.054] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.054] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.054] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.055] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x54f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x54f, lpOverlapped=0x0) returned 1 [0034.056] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.056] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x54f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x54f, lpOverlapped=0x0) returned 1 [0034.056] CloseHandle (hObject=0x48) returned 1 [0034.056] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.056] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk.adv")) returned 1 [0034.057] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.057] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.057] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa21b2430, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3ad6c90, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3ad6c90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x539, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="My Videos.lnk", cAlternateFileName="MYVIDE~1.LNK")) returned 1 [0034.057] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.057] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.057] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.057] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x539, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x539, lpOverlapped=0x0) returned 1 [0034.058] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.058] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x539, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x539, lpOverlapped=0x0) returned 1 [0034.058] CloseHandle (hObject=0x48) returned 1 [0034.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.058] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk.adv")) returned 1 [0034.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.059] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3046af0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3046af0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3046af0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1377, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="MYNo82NP9gG.lnk", cAlternateFileName="MYNO82~1.LNK")) returned 1 [0034.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MYNo82NP9gG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\myno82np9gg.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.060] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1377, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1377, lpOverlapped=0x0) returned 1 [0034.061] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.061] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1377, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1377, lpOverlapped=0x0) returned 1 [0034.061] CloseHandle (hObject=0x48) returned 1 [0034.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.061] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MYNo82NP9gG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\myno82np9gg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MYNo82NP9gG.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\myno82np9gg.lnk.adv")) returned 1 [0034.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.062] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3ad6c90, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3ad6c90, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3ad6c90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x9e3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="n1MYONA8tgP.flv.lnk", cAlternateFileName="N1MYON~1.LNK")) returned 1 [0034.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\n1MYONA8tgP.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n1myona8tgp.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.062] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9e3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x9e3, lpOverlapped=0x0) returned 1 [0034.063] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.063] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9e3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x9e3, lpOverlapped=0x0) returned 1 [0034.063] CloseHandle (hObject=0x48) returned 1 [0034.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.063] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\n1MYONA8tgP.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n1myona8tgp.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\n1MYONA8tgP.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n1myona8tgp.flv.lnk.adv")) returned 1 [0034.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.064] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3471170, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3471170, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3471170, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="nhxY.lnk", cAlternateFileName="")) returned 1 [0034.064] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.064] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nhxY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nhxy.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.065] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3d0, lpOverlapped=0x0) returned 1 [0034.065] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.065] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3d0, lpOverlapped=0x0) returned 1 [0034.065] CloseHandle (hObject=0x48) returned 1 [0034.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.065] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nhxY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nhxy.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nhxY.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nhxy.lnk.adv")) returned 1 [0034.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.066] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa29228f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa29228f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa29228f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="nQS4_XxMleLMP.lnk", cAlternateFileName="NQS4_X~1.LNK")) returned 1 [0034.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nQS4_XxMleLMP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nqs4_xxmlelmp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.067] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x401, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x401, lpOverlapped=0x0) returned 1 [0034.067] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.068] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x401, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x401, lpOverlapped=0x0) returned 1 [0034.068] CloseHandle (hObject=0x48) returned 1 [0034.068] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.068] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nQS4_XxMleLMP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nqs4_xxmlelmp.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nQS4_XxMleLMP.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nqs4_xxmlelmp.lnk.adv")) returned 1 [0034.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.069] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa389b7f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa389b7f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa389b7f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="O3XOPEcRxINo7Dd9.lnk", cAlternateFileName="O3XOPE~1.LNK")) returned 1 [0034.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O3XOPEcRxINo7Dd9.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\o3xopecrxino7dd9.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.069] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x410, lpOverlapped=0x0) returned 1 [0034.070] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.070] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x410, lpOverlapped=0x0) returned 1 [0034.070] CloseHandle (hObject=0x48) returned 1 [0034.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.070] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O3XOPEcRxINo7Dd9.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\o3xopecrxino7dd9.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O3XOPEcRxINo7Dd9.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\o3xopecrxino7dd9.lnk.adv")) returned 1 [0034.071] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.071] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.071] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3c9fd10, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c9fd10, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c9fd10, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x243, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="oC4tqwxJSv.lnk", cAlternateFileName="OC4TQW~1.LNK")) returned 1 [0034.071] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.071] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.071] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oC4tqwxJSv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oc4tqwxjsv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.071] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x243, lpOverlapped=0x0) returned 1 [0034.072] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.072] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x243, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x243, lpOverlapped=0x0) returned 1 [0034.072] CloseHandle (hObject=0x48) returned 1 [0034.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.072] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oC4tqwxJSv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oc4tqwxjsv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oC4tqwxJSv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oc4tqwxjsv.lnk.adv")) returned 1 [0034.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.073] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3c53a50, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c53a50, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c53a50, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x193a, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="OCbAyQD.lnk", cAlternateFileName="")) returned 1 [0034.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OCbAyQD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ocbayqd.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.074] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x193a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x193a, lpOverlapped=0x0) returned 1 [0034.074] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.074] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x193a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x193a, lpOverlapped=0x0) returned 1 [0034.075] CloseHandle (hObject=0x48) returned 1 [0034.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.075] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OCbAyQD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ocbayqd.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OCbAyQD.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ocbayqd.lnk.adv")) returned 1 [0034.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.076] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa384f530, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa384f530, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3875690, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x243, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="OHFl_nHnbd.lnk", cAlternateFileName="OHFL_N~1.LNK")) returned 1 [0034.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OHFl_nHnbd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ohfl_nhnbd.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.076] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x243, lpOverlapped=0x0) returned 1 [0034.077] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.077] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x243, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x243, lpOverlapped=0x0) returned 1 [0034.077] CloseHandle (hObject=0x48) returned 1 [0034.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.077] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OHFl_nHnbd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ohfl_nhnbd.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OHFl_nHnbd.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ohfl_nhnbd.lnk.adv")) returned 1 [0034.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.078] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f01310, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3f01310, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3f01310, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x13b4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="P2Np-aG.lnk", cAlternateFileName="")) returned 1 [0034.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P2Np-aG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\p2np-ag.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.078] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13b4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x13b4, lpOverlapped=0x0) returned 1 [0034.079] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.079] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13b4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x13b4, lpOverlapped=0x0) returned 1 [0034.079] CloseHandle (hObject=0x48) returned 1 [0034.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.080] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P2Np-aG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\p2np-ag.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P2Np-aG.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\p2np-ag.lnk.adv")) returned 1 [0034.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.083] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3fe5b50, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3fe5b50, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3fe5b50, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="PedsK.lnk", cAlternateFileName="")) returned 1 [0034.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PedsK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pedsk.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.083] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x289, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x289, lpOverlapped=0x0) returned 1 [0034.084] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.084] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x289, lpOverlapped=0x0) returned 1 [0034.084] CloseHandle (hObject=0x48) returned 1 [0034.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.084] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PedsK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pedsk.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PedsK.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pedsk.lnk.adv")) returned 1 [0034.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.087] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3c07790, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c07790, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c07790, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x325, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="PgNlNXitS2-.lnk", cAlternateFileName="PGNLNX~1.LNK")) returned 1 [0034.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PgNlNXitS2-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pgnlnxits2-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.088] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x325, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x325, lpOverlapped=0x0) returned 1 [0034.088] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.089] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x325, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x325, lpOverlapped=0x0) returned 1 [0034.089] CloseHandle (hObject=0x48) returned 1 [0034.089] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.089] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PgNlNXitS2-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pgnlnxits2-.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PgNlNXitS2-.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pgnlnxits2-.lnk.adv")) returned 1 [0034.090] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.090] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.090] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa357bb10, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3e42c30, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3e42c30, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x12e4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="pQQPypTuLE-K.lnk", cAlternateFileName="PQQPYP~1.LNK")) returned 1 [0034.090] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.090] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.090] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pQQPypTuLE-K.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pqqpyptule-k.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.090] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12e4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x12e4, lpOverlapped=0x0) returned 1 [0034.091] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.091] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12e4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x12e4, lpOverlapped=0x0) returned 1 [0034.091] CloseHandle (hObject=0x48) returned 1 [0034.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.091] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pQQPypTuLE-K.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pqqpyptule-k.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pQQPypTuLE-K.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pqqpyptule-k.lnk.adv")) returned 1 [0034.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.092] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2a533f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2a533f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2a533f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x20b6, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Q3z_epu.lnk", cAlternateFileName="")) returned 1 [0034.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.092] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Q3z_epu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q3z_epu.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.093] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20b6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x20b6, lpOverlapped=0x0) returned 1 [0034.093] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.093] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20b6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x20b6, lpOverlapped=0x0) returned 1 [0034.093] CloseHandle (hObject=0x48) returned 1 [0034.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.094] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Q3z_epu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q3z_epu.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Q3z_epu.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q3z_epu.lnk.adv")) returned 1 [0034.094] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.094] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.094] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3edb1b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3edb1b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3edb1b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa6e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="q4Oec inV5xh4UG.lnk", cAlternateFileName="Q4OECI~1.LNK")) returned 1 [0034.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.094] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q4Oec inV5xh4UG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q4oec inv5xh4ug.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.095] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa6e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa6e, lpOverlapped=0x0) returned 1 [0034.095] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.095] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa6e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa6e, lpOverlapped=0x0) returned 1 [0034.096] CloseHandle (hObject=0x48) returned 1 [0034.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.096] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q4Oec inV5xh4UG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q4oec inv5xh4ug.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q4Oec inV5xh4UG.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q4oec inv5xh4ug.lnk.adv")) returned 1 [0034.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.097] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2d00cb0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2d00cb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2d00cb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1422, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Q9JdWmi0gL2wSo3Qo.lnk", cAlternateFileName="Q9JDWM~1.LNK")) returned 1 [0034.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Q9JdWmi0gL2wSo3Qo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q9jdwmi0gl2wso3qo.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.097] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1422, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1422, lpOverlapped=0x0) returned 1 [0034.098] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.098] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1422, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1422, lpOverlapped=0x0) returned 1 [0034.098] CloseHandle (hObject=0x48) returned 1 [0034.098] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.098] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Q9JdWmi0gL2wSo3Qo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q9jdwmi0gl2wso3qo.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Q9JdWmi0gL2wSo3Qo.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q9jdwmi0gl2wso3qo.lnk.adv")) returned 1 [0034.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.099] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3cc5e70, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3cc5e70, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3cc5e70, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1431, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="qgBrCAsuggqeFLB6TP.lnk", cAlternateFileName="QGBRCA~1.LNK")) returned 1 [0034.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qgBrCAsuggqeFLB6TP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qgbrcasuggqeflb6tp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.099] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1431, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1431, lpOverlapped=0x0) returned 1 [0034.100] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.100] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1431, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1431, lpOverlapped=0x0) returned 1 [0034.100] CloseHandle (hObject=0x48) returned 1 [0034.100] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.101] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qgBrCAsuggqeFLB6TP.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qgbrcasuggqeflb6tp.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qgBrCAsuggqeFLB6TP.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qgbrcasuggqeflb6tp.lnk.adv")) returned 1 [0034.101] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.101] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.101] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3bbb4d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3bbb4d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3bbb4d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xee3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="QnFWmjJSKF.flv.lnk", cAlternateFileName="QNFWMJ~1.LNK")) returned 1 [0034.101] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.101] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.101] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QnFWmjJSKF.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qnfwmjjskf.flv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.102] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xee3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xee3, lpOverlapped=0x0) returned 1 [0034.103] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.103] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xee3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xee3, lpOverlapped=0x0) returned 1 [0034.103] CloseHandle (hObject=0x48) returned 1 [0034.103] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.103] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QnFWmjJSKF.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qnfwmjjskf.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QnFWmjJSKF.flv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qnfwmjjskf.flv.lnk.adv")) returned 1 [0034.104] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.104] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.104] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f01310, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3f01310, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3f01310, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa21, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="rBlxxpLy.lnk", cAlternateFileName="")) returned 1 [0034.104] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.104] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.104] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rBlxxpLy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rblxxply.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.104] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa21, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa21, lpOverlapped=0x0) returned 1 [0034.105] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.105] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa21, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa21, lpOverlapped=0x0) returned 1 [0034.105] CloseHandle (hObject=0x48) returned 1 [0034.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.105] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rBlxxpLy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rblxxply.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rBlxxpLy.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rblxxply.lnk.adv")) returned 1 [0034.106] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.106] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.106] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa35a1c70, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa35a1c70, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa35a1c70, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf89, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="RDumlaJr.lnk", cAlternateFileName="")) returned 1 [0034.106] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RDumlaJr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rdumlajr.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.106] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf89, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf89, lpOverlapped=0x0) returned 1 [0034.107] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.107] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf89, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf89, lpOverlapped=0x0) returned 1 [0034.107] CloseHandle (hObject=0x48) returned 1 [0034.107] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RDumlaJr.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rdumlajr.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RDumlaJr.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rdumlajr.lnk.adv")) returned 1 [0034.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.108] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2817f50, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa2817f50, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa2817f50, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x149c, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="rfA7yLhjzhVw2Cg1RM.lnk", cAlternateFileName="RFA7YL~1.LNK")) returned 1 [0034.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.108] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rfA7yLhjzhVw2Cg1RM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rfa7ylhjzhvw2cg1rm.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.109] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x149c, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x149c, lpOverlapped=0x0) returned 1 [0034.109] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.109] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x149c, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x149c, lpOverlapped=0x0) returned 1 [0034.110] CloseHandle (hObject=0x48) returned 1 [0034.110] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.110] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rfA7yLhjzhVw2Cg1RM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rfa7ylhjzhvw2cg1rm.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rfA7yLhjzhVw2Cg1RM.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rfa7ylhjzhvw2cg1rm.lnk.adv")) returned 1 [0034.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.111] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27f1df0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa40a4230, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40a4230, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa06, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="RNautLQKyx_ZIEwgc4p.lnk", cAlternateFileName="RNAUTL~1.LNK")) returned 1 [0034.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.111] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RNautLQKyx_ZIEwgc4p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rnautlqkyx_ziewgc4p.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.111] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa06, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa06, lpOverlapped=0x0) returned 1 [0034.112] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.112] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa06, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa06, lpOverlapped=0x0) returned 1 [0034.112] CloseHandle (hObject=0x48) returned 1 [0034.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.112] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RNautLQKyx_ZIEwgc4p.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rnautlqkyx_ziewgc4p.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RNautLQKyx_ZIEwgc4p.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rnautlqkyx_ziewgc4p.lnk.adv")) returned 1 [0034.113] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.113] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.113] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa20cdbf0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa407e0d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa407e0d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x303, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Roaming.lnk", cAlternateFileName="")) returned 1 [0034.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.113] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.113] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x303, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x303, lpOverlapped=0x0) returned 1 [0034.114] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.114] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x303, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x303, lpOverlapped=0x0) returned 1 [0034.114] CloseHandle (hObject=0x48) returned 1 [0034.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.114] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk.adv")) returned 1 [0034.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.115] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3803270, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3e42c30, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3e68d90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x97e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="s-VWzfA.lnk", cAlternateFileName="")) returned 1 [0034.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s-VWzfA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\s-vwzfa.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.115] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x97e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x97e, lpOverlapped=0x0) returned 1 [0034.116] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.116] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x97e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x97e, lpOverlapped=0x0) returned 1 [0034.116] CloseHandle (hObject=0x48) returned 1 [0034.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.116] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s-VWzfA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\s-vwzfa.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s-VWzfA.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\s-vwzfa.lnk.adv")) returned 1 [0034.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.117] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3151490, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3151490, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3151490, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa63, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="SOiGPV_ocHA9Q7.lnk", cAlternateFileName="SOIGPV~1.LNK")) returned 1 [0034.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SOiGPV_ocHA9Q7.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\soigpv_ocha9q7.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.118] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa63, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa63, lpOverlapped=0x0) returned 1 [0034.119] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.119] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa63, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa63, lpOverlapped=0x0) returned 1 [0034.119] CloseHandle (hObject=0x48) returned 1 [0034.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.119] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SOiGPV_ocHA9Q7.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\soigpv_ocha9q7.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SOiGPV_ocHA9Q7.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\soigpv_ocha9q7.lnk.adv")) returned 1 [0034.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.120] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa31c38b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa31c38b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa31c38b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe70, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="srInWKB.lnk", cAlternateFileName="")) returned 1 [0034.120] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.120] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srInWKB.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\srinwkb.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.121] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe70, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe70, lpOverlapped=0x0) returned 1 [0034.121] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.121] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe70, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe70, lpOverlapped=0x0) returned 1 [0034.121] CloseHandle (hObject=0x48) returned 1 [0034.121] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.122] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srInWKB.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\srinwkb.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\srInWKB.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\srinwkb.lnk.adv")) returned 1 [0034.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.122] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa36d2770, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa36d2770, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa36d2770, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe95, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="st3J1Znucp.lnk", cAlternateFileName="ST3J1Z~1.LNK")) returned 1 [0034.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.122] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\st3J1Znucp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\st3j1znucp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.123] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe95, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe95, lpOverlapped=0x0) returned 1 [0034.123] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.124] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe95, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe95, lpOverlapped=0x0) returned 1 [0034.124] CloseHandle (hObject=0x48) returned 1 [0034.124] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.124] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\st3J1Znucp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\st3j1znucp.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\st3J1Znucp.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\st3j1znucp.lnk.adv")) returned 1 [0034.125] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.125] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.125] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2cb49f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa31775f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa31775f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1302, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="SV4GwBq oE75gC.lnk", cAlternateFileName="SV4GWB~1.LNK")) returned 1 [0034.125] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.125] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.125] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.125] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SV4GwBq oE75gC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sv4gwbq oe75gc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.125] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1302, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1302, lpOverlapped=0x0) returned 1 [0034.126] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.126] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1302, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1302, lpOverlapped=0x0) returned 1 [0034.126] CloseHandle (hObject=0x48) returned 1 [0034.126] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.126] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SV4GwBq oE75gC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sv4gwbq oe75gc.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SV4GwBq oE75gC.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sv4gwbq oe75gc.lnk.adv")) returned 1 [0034.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.127] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3ab0b30, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3ab0b30, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3ab0b30, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x40b, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="TgPmcqDbso7tGf4.lnk", cAlternateFileName="TGPMCQ~1.LNK")) returned 1 [0034.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.127] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TgPmcqDbso7tGf4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tgpmcqdbso7tgf4.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.127] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40b, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x40b, lpOverlapped=0x0) returned 1 [0034.128] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.128] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40b, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x40b, lpOverlapped=0x0) returned 1 [0034.128] CloseHandle (hObject=0x48) returned 1 [0034.128] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.128] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TgPmcqDbso7tGf4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tgpmcqdbso7tgf4.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TgPmcqDbso7tGf4.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tgpmcqdbso7tgf4.lnk.adv")) returned 1 [0034.129] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.129] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.129] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b95370, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3b95370, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3b95370, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf56, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="tGYE5HpI4vvG2oU8cdC.lnk", cAlternateFileName="TGYE5H~1.LNK")) returned 1 [0034.129] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.129] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.129] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tGYE5HpI4vvG2oU8cdC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tgye5hpi4vvg2ou8cdc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.129] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf56, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf56, lpOverlapped=0x0) returned 1 [0034.130] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.130] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf56, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf56, lpOverlapped=0x0) returned 1 [0034.130] CloseHandle (hObject=0x48) returned 1 [0034.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.130] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tGYE5HpI4vvG2oU8cdC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tgye5hpi4vvg2ou8cdc.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tGYE5HpI4vvG2oU8cdC.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tgye5hpi4vvg2ou8cdc.lnk.adv")) returned 1 [0034.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.131] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3bbb4d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3bbb4d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3be1630, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa05, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ThBOh8cv.lnk", cAlternateFileName="")) returned 1 [0034.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.131] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ThBOh8cv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\thboh8cv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.132] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa05, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa05, lpOverlapped=0x0) returned 1 [0034.132] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.133] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa05, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa05, lpOverlapped=0x0) returned 1 [0034.133] CloseHandle (hObject=0x48) returned 1 [0034.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.133] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ThBOh8cv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\thboh8cv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ThBOh8cv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\thboh8cv.lnk.adv")) returned 1 [0034.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.134] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3d5e3f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3d5e3f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3d84550, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe86, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="tl87heps.lnk", cAlternateFileName="")) returned 1 [0034.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tl87heps.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tl87heps.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.134] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe86, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe86, lpOverlapped=0x0) returned 1 [0034.135] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.135] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe86, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe86, lpOverlapped=0x0) returned 1 [0034.135] CloseHandle (hObject=0x48) returned 1 [0034.135] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.135] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tl87heps.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tl87heps.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tl87heps.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tl87heps.lnk.adv")) returned 1 [0034.136] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.136] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.136] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa40f04f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa40f04f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40f04f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa8f, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="tR32zBauYPZ2z-u M4-.lnk", cAlternateFileName="TR32ZB~1.LNK")) returned 1 [0034.136] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.136] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.136] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tR32zBauYPZ2z-u M4-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tr32zbauypz2z-u m4-.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.136] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa8f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa8f, lpOverlapped=0x0) returned 1 [0034.137] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.137] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa8f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa8f, lpOverlapped=0x0) returned 1 [0034.137] CloseHandle (hObject=0x48) returned 1 [0034.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.138] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tR32zBauYPZ2z-u M4-.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tr32zbauypz2z-u m4-.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\tR32zBauYPZ2z-u M4-.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tr32zbauypz2z-u m4-.lnk.adv")) returned 1 [0034.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.138] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3660350, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3660350, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3660350, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x352, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="TUl gxm3Zwwka4onJx4I.lnk", cAlternateFileName="TULGXM~1.LNK")) returned 1 [0034.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.138] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TUl gxm3Zwwka4onJx4I.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tul gxm3zwwka4onjx4i.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.139] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x352, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x352, lpOverlapped=0x0) returned 1 [0034.139] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.140] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x352, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x352, lpOverlapped=0x0) returned 1 [0034.140] CloseHandle (hObject=0x48) returned 1 [0034.140] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.140] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TUl gxm3Zwwka4onJx4I.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tul gxm3zwwka4onjx4i.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TUl gxm3Zwwka4onJx4I.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\tul gxm3zwwka4onjx4i.lnk.adv")) returned 1 [0034.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.141] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3a8a9d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3a8a9d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3a8a9d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xff7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="UgyZPT_Nh0JP32cs6_4.lnk", cAlternateFileName="UGYZPT~1.LNK")) returned 1 [0034.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.141] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgyZPT_Nh0JP32cs6_4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ugyzpt_nh0jp32cs6_4.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.141] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xff7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xff7, lpOverlapped=0x0) returned 1 [0034.142] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.142] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xff7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xff7, lpOverlapped=0x0) returned 1 [0034.142] CloseHandle (hObject=0x48) returned 1 [0034.142] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.142] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgyZPT_Nh0JP32cs6_4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ugyzpt_nh0jp32cs6_4.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgyZPT_Nh0JP32cs6_4.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ugyzpt_nh0jp32cs6_4.lnk.adv")) returned 1 [0034.143] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.143] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.143] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa36ac610, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa36ac610, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa36ac610, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x415, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="UyJEP36YNWF29FQQV.lnk", cAlternateFileName="UYJEP3~1.LNK")) returned 1 [0034.143] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.143] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.143] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UyJEP36YNWF29FQQV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uyjep36ynwf29fqqv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.143] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x415, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x415, lpOverlapped=0x0) returned 1 [0034.144] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.144] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x415, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x415, lpOverlapped=0x0) returned 1 [0034.144] CloseHandle (hObject=0x48) returned 1 [0034.144] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.144] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UyJEP36YNWF29FQQV.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uyjep36ynwf29fqqv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UyJEP36YNWF29FQQV.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\uyjep36ynwf29fqqv.lnk.adv")) returned 1 [0034.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.145] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa24abfb0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3e8eef0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3e8eef0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x961, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="vb95.lnk", cAlternateFileName="")) returned 1 [0034.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vb95.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vb95.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.146] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x961, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x961, lpOverlapped=0x0) returned 1 [0034.146] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.146] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x961, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x961, lpOverlapped=0x0) returned 1 [0034.146] CloseHandle (hObject=0x48) returned 1 [0034.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.146] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vb95.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vb95.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vb95.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vb95.lnk.adv")) returned 1 [0034.147] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.147] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.147] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa36d2770, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa36d2770, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa36d2770, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="wbU73g-IM1gj2HLFm.lnk", cAlternateFileName="WBU73G~1.LNK")) returned 1 [0034.147] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.147] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.147] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wbU73g-IM1gj2HLFm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wbu73g-im1gj2hlfm.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.148] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa84, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa84, lpOverlapped=0x0) returned 1 [0034.148] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.148] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa84, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa84, lpOverlapped=0x0) returned 1 [0034.149] CloseHandle (hObject=0x48) returned 1 [0034.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.149] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wbU73g-IM1gj2HLFm.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wbu73g-im1gj2hlfm.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wbU73g-IM1gj2HLFm.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wbu73g-im1gj2hlfm.lnk.adv")) returned 1 [0034.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.150] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3c9fd10, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3c9fd10, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3c9fd10, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3ed, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="wcGVevay6.ots.lnk", cAlternateFileName="WCGVEV~1.LNK")) returned 1 [0034.150] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.150] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.150] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wcGVevay6.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wcgvevay6.ots.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.150] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3ed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3ed, lpOverlapped=0x0) returned 1 [0034.151] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.151] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3ed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3ed, lpOverlapped=0x0) returned 1 [0034.151] CloseHandle (hObject=0x48) returned 1 [0034.151] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.151] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wcGVevay6.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wcgvevay6.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wcGVevay6.ots.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wcgvevay6.ots.lnk.adv")) returned 1 [0034.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.152] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa40a4230, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa40a4230, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa40a4230, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf82, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="WZKN04mQ.lnk", cAlternateFileName="")) returned 1 [0034.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WZKN04mQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wzkn04mq.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.153] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf82, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf82, lpOverlapped=0x0) returned 1 [0034.153] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.153] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf82, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf82, lpOverlapped=0x0) returned 1 [0034.153] CloseHandle (hObject=0x48) returned 1 [0034.154] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.154] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WZKN04mQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wzkn04mq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WZKN04mQ.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wzkn04mq.lnk.adv")) returned 1 [0034.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.155] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b490b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3b490b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3b490b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x257, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="X fNbMzt_tkFi.lnk", cAlternateFileName="XFNBMZ~1.LNK")) returned 1 [0034.155] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.155] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X fNbMzt_tkFi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x fnbmzt_tkfi.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.155] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x257, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x257, lpOverlapped=0x0) returned 1 [0034.156] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.156] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x257, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x257, lpOverlapped=0x0) returned 1 [0034.156] CloseHandle (hObject=0x48) returned 1 [0034.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.156] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X fNbMzt_tkFi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x fnbmzt_tkfi.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X fNbMzt_tkFi.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x fnbmzt_tkfi.lnk.adv")) returned 1 [0034.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.157] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3e1cad0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3e1cad0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3e1cad0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xf03, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="x4TGvDIq3vFwDMeTvjCK.lnk", cAlternateFileName="X4TGVD~1.LNK")) returned 1 [0034.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\x4TGvDIq3vFwDMeTvjCK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x4tgvdiq3vfwdmetvjck.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.157] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf03, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf03, lpOverlapped=0x0) returned 1 [0034.158] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.158] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf03, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf03, lpOverlapped=0x0) returned 1 [0034.158] CloseHandle (hObject=0x48) returned 1 [0034.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.158] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\x4TGvDIq3vFwDMeTvjCK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x4tgvdiq3vfwdmetvjck.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\x4TGvDIq3vFwDMeTvjCK.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x4tgvdiq3vfwdmetvjck.lnk.adv")) returned 1 [0034.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.159] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa36ac610, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa36ac610, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa36ac610, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe93, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="xIrAJ.mkv.lnk", cAlternateFileName="XIRAJM~1.LNK")) returned 1 [0034.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xIrAJ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xiraj.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.160] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe93, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe93, lpOverlapped=0x0) returned 1 [0034.160] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.161] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe93, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe93, lpOverlapped=0x0) returned 1 [0034.161] CloseHandle (hObject=0x48) returned 1 [0034.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.161] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xIrAJ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xiraj.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xIrAJ.mkv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xiraj.mkv.lnk.adv")) returned 1 [0034.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.162] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27a5b30, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa27a5b30, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa27cbc90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x329, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="xUKjw9PzIZmSx.lnk", cAlternateFileName="XUKJW9~1.LNK")) returned 1 [0034.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xUKjw9PzIZmSx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xukjw9pzizmsx.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.162] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x329, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x329, lpOverlapped=0x0) returned 1 [0034.163] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.163] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x329, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x329, lpOverlapped=0x0) returned 1 [0034.163] CloseHandle (hObject=0x48) returned 1 [0034.163] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.163] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xUKjw9PzIZmSx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xukjw9pzizmsx.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xUKjw9PzIZmSx.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xukjw9pzizmsx.lnk.adv")) returned 1 [0034.164] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.164] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.164] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3e8eef0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3e8eef0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3e8eef0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xecc, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="xycWiew0u7O5sZe7pd.ots.lnk", cAlternateFileName="XYCWIE~1.LNK")) returned 1 [0034.164] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.164] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.164] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xycWiew0u7O5sZe7pd.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xycwiew0u7o5sze7pd.ots.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.164] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xecc, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xecc, lpOverlapped=0x0) returned 1 [0034.165] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.165] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xecc, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xecc, lpOverlapped=0x0) returned 1 [0034.165] CloseHandle (hObject=0x48) returned 1 [0034.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.165] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xycWiew0u7O5sZe7pd.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xycwiew0u7o5sze7pd.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xycWiew0u7O5sZe7pd.ots.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xycwiew0u7o5sze7pd.ots.lnk.adv")) returned 1 [0034.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.166] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f27470, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3f27470, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3f27470, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa79, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ybHLj6WYBUL0Ygix.lnk", cAlternateFileName="YBHLJ6~1.LNK")) returned 1 [0034.166] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.166] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ybHLj6WYBUL0Ygix.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ybhlj6wybul0ygix.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.188] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa79, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa79, lpOverlapped=0x0) returned 1 [0034.189] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.189] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa79, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa79, lpOverlapped=0x0) returned 1 [0034.190] CloseHandle (hObject=0x48) returned 1 [0034.190] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.190] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ybHLj6WYBUL0Ygix.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ybhlj6wybul0ygix.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ybHLj6WYBUL0Ygix.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ybhlj6wybul0ygix.lnk.adv")) returned 1 [0034.192] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.192] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.192] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa31775f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa31775f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa31775f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1974, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="YGD aiTfEEVHc9.lnk", cAlternateFileName="YGDAIT~1.LNK")) returned 1 [0034.192] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.192] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.192] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YGD aiTfEEVHc9.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ygd aitfeevhc9.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.193] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1974, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1974, lpOverlapped=0x0) returned 1 [0034.194] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.194] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1974, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1974, lpOverlapped=0x0) returned 1 [0034.194] CloseHandle (hObject=0x48) returned 1 [0034.194] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.194] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YGD aiTfEEVHc9.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ygd aitfeevhc9.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YGD aiTfEEVHc9.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ygd aitfeevhc9.lnk.adv")) returned 1 [0034.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.195] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa31c38b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa31c38b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa31c38b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="yTDYl.lnk", cAlternateFileName="")) returned 1 [0034.195] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.195] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yTDYl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ytdyl.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.195] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa00, lpOverlapped=0x0) returned 1 [0034.196] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.196] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa00, lpOverlapped=0x0) returned 1 [0034.196] CloseHandle (hObject=0x48) returned 1 [0034.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.196] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yTDYl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ytdyl.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yTDYl.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ytdyl.lnk.adv")) returned 1 [0034.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.197] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa33d8bf0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa33d8bf0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa33d8bf0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xe70, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="yU92oIgqLmdwalnxc0Eo.lnk", cAlternateFileName="YU92OI~1.LNK")) returned 1 [0034.197] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.197] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yU92oIgqLmdwalnxc0Eo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yu92oigqlmdwalnxc0eo.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.198] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe70, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe70, lpOverlapped=0x0) returned 1 [0034.199] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.199] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe70, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe70, lpOverlapped=0x0) returned 1 [0034.199] CloseHandle (hObject=0x48) returned 1 [0034.199] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.199] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yU92oIgqLmdwalnxc0Eo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yu92oigqlmdwalnxc0eo.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yU92oIgqLmdwalnxc0Eo.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yu92oigqlmdwalnxc0eo.lnk.adv")) returned 1 [0034.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.200] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b6f210, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3b6f210, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3b6f210, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa31, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="YY-d8J1 vZOv.lnk", cAlternateFileName="YY-D8J~1.LNK")) returned 1 [0034.200] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.200] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YY-d8J1 vZOv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yy-d8j1 vzov.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.200] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa31, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa31, lpOverlapped=0x0) returned 1 [0034.201] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.201] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa31, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa31, lpOverlapped=0x0) returned 1 [0034.201] CloseHandle (hObject=0x48) returned 1 [0034.201] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.202] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YY-d8J1 vZOv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yy-d8j1 vzov.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YY-d8J1 vZOv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yy-d8j1 vzov.lnk.adv")) returned 1 [0034.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.202] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4057f70, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa4057f70, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa4057f70, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xed4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ZiWCOKh QeieXZNwpp.lnk", cAlternateFileName="ZIWCOK~1.LNK")) returned 1 [0034.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiWCOKh QeieXZNwpp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ziwcokh qeiexznwpp.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.203] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xed4, lpOverlapped=0x0) returned 1 [0034.204] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.204] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xed4, lpOverlapped=0x0) returned 1 [0034.204] CloseHandle (hObject=0x48) returned 1 [0034.204] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.204] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiWCOKh QeieXZNwpp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ziwcokh qeiexznwpp.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiWCOKh QeieXZNwpp.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ziwcokh qeiexznwpp.lnk.adv")) returned 1 [0034.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.205] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa34972d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa34972d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa34972d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xeea, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ZIXP9uruJPsgFyVCKgNh.lnk", cAlternateFileName="ZIXP9U~1.LNK")) returned 1 [0034.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZIXP9uruJPsgFyVCKgNh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zixp9urujpsgfyvckgnh.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.205] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xeea, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xeea, lpOverlapped=0x0) returned 1 [0034.206] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.206] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xeea, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xeea, lpOverlapped=0x0) returned 1 [0034.206] CloseHandle (hObject=0x48) returned 1 [0034.206] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.206] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZIXP9uruJPsgFyVCKgNh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zixp9urujpsgfyvckgnh.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZIXP9uruJPsgFyVCKgNh.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zixp9urujpsgfyvckgnh.lnk.adv")) returned 1 [0034.209] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.209] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.209] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa26c12f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3fe5b50, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3fe5b50, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1bd, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="zMME.lnk", cAlternateFileName="")) returned 1 [0034.209] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.209] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.210] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zMME.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zmme.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.210] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1bd, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1bd, lpOverlapped=0x0) returned 1 [0034.211] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.211] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1bd, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1bd, lpOverlapped=0x0) returned 1 [0034.211] CloseHandle (hObject=0x48) returned 1 [0034.211] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.211] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zMME.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zmme.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zMME.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zmme.lnk.adv")) returned 1 [0034.212] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.212] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.212] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3a3e710, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa3a3e710, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa3a3e710, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x3f7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ZmzmaHWHHtQ.lnk", cAlternateFileName="ZMZMAH~1.LNK")) returned 1 [0034.212] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.212] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.212] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZmzmaHWHHtQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zmzmahwhhtq.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.212] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3f7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3f7, lpOverlapped=0x0) returned 1 [0034.213] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.213] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3f7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3f7, lpOverlapped=0x0) returned 1 [0034.213] CloseHandle (hObject=0x48) returned 1 [0034.213] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.213] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZmzmaHWHHtQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zmzmahwhhtq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZmzmaHWHHtQ.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zmzmahwhhtq.lnk.adv")) returned 1 [0034.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.215] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa38c1950, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa38c1950, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa38c1950, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1331, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="ZVeYS.lnk", cAlternateFileName="")) returned 1 [0034.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZVeYS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zveys.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.215] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1331, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1331, lpOverlapped=0x0) returned 1 [0034.216] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.216] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1331, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1331, lpOverlapped=0x0) returned 1 [0034.216] CloseHandle (hObject=0x48) returned 1 [0034.216] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.216] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZVeYS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zveys.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZVeYS.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zveys.lnk.adv")) returned 1 [0034.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.217] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa36f88d0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa36f88d0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa36f88d0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x1949, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="zyIiYGmZ.lnk", cAlternateFileName="")) returned 1 [0034.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zyIiYGmZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zyiiygmz.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.217] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1949, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1949, lpOverlapped=0x0) returned 1 [0034.218] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.218] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1949, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1949, lpOverlapped=0x0) returned 1 [0034.218] CloseHandle (hObject=0x48) returned 1 [0034.219] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.219] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zyIiYGmZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zyiiygmz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zyIiYGmZ.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zyiiygmz.lnk.adv")) returned 1 [0034.219] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.219] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.219] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa36864b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa36864b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa36864b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0xa51, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="_6TDL0rLEXCz3rXS.ots.lnk", cAlternateFileName="_6TDL0~1.LNK")) returned 1 [0034.219] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.220] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_6TDL0rLEXCz3rXS.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_6tdl0rlexcz3rxs.ots.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.220] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa51, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa51, lpOverlapped=0x0) returned 1 [0034.221] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.221] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa51, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa51, lpOverlapped=0x0) returned 1 [0034.221] CloseHandle (hObject=0x48) returned 1 [0034.221] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.221] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_6TDL0rLEXCz3rXS.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_6tdl0rlexcz3rxs.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_6TDL0rLEXCz3rXS.ots.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_6tdl0rlexcz3rxs.ots.lnk.adv")) returned 1 [0034.222] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.222] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.222] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa32f43b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa32f43b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa32f43b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x24d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="_G4x2ry5 VgS.mkv.lnk", cAlternateFileName="_G4X2R~1.LNK")) returned 1 [0034.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.222] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_G4x2ry5 VgS.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_g4x2ry5 vgs.mkv.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.223] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x24d, lpOverlapped=0x0) returned 1 [0034.223] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.223] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x24d, lpOverlapped=0x0) returned 1 [0034.223] CloseHandle (hObject=0x48) returned 1 [0034.223] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.224] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_G4x2ry5 VgS.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_g4x2ry5 vgs.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_G4x2ry5 VgS.mkv.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_g4x2ry5 vgs.mkv.lnk.adv")) returned 1 [0034.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.224] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa32f43b0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0xa32f43b0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa32f43b0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x24d, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="_G4x2ry5 VgS.mkv.lnk", cAlternateFileName="_G4X2R~1.LNK")) returned 0 [0034.225] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0034.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab0 | out: hHeap=0x6d0000) returned 1 [0034.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0034.225] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0034.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0034.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0034.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0034.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5ab0 [0034.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.225] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0034.231] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0034.231] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1 [0034.231] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.231] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5b90 [0034.231] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.235] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3, lpOverlapped=0x0) returned 1 [0034.235] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.235] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3, lpOverlapped=0x0) returned 1 [0034.236] CloseHandle (hObject=0x48) returned 1 [0034.236] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5c88 [0034.236] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.adv")) returned 1 [0034.237] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c88 | out: hHeap=0x6d0000) returned 1 [0034.237] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.237] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb52ab9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Desktop (create shortcut).DeskLink", cAlternateFileName="DESKTO~1.DES")) returned 1 [0034.237] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.237] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5b90 [0034.237] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.257] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7, lpOverlapped=0x0) returned 1 [0034.258] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.258] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7, lpOverlapped=0x0) returned 1 [0034.258] CloseHandle (hObject=0x48) returned 1 [0034.258] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5c78 [0034.258] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.adv")) returned 1 [0034.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c78 | out: hHeap=0x6d0000) returned 1 [0034.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.259] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0034.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.259] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x22e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x22e, lpOverlapped=0x0) returned 1 [0034.260] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.260] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x22e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x22e, lpOverlapped=0x0) returned 1 [0034.260] CloseHandle (hObject=0x48) returned 1 [0034.260] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c70 [0034.260] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini.adv")) returned 1 [0034.261] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.261] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.261] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1 [0034.261] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.261] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.261] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.261] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.261] CloseHandle (hObject=0x48) returned 1 [0034.261] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.262] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs.adv")) returned 1 [0034.262] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.262] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.262] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0034.262] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.262] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.262] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.263] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4d6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4d6, lpOverlapped=0x0) returned 1 [0034.264] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.264] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4d6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4d6, lpOverlapped=0x0) returned 1 [0034.265] CloseHandle (hObject=0x48) returned 1 [0034.265] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c70 [0034.265] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk.adv")) returned 1 [0034.266] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.266] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.266] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 1 [0034.266] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.266] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.266] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.267] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4, lpOverlapped=0x0) returned 1 [0034.267] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.268] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4, lpOverlapped=0x0) returned 1 [0034.268] CloseHandle (hObject=0x48) returned 1 [0034.268] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.268] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.adv")) returned 1 [0034.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.269] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 0 [0034.269] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0034.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab0 | out: hHeap=0x6d0000) returned 1 [0034.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0034.269] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0034.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0034.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0034.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0034.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0034.269] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0034.269] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0034.269] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0034.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0034.269] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0034.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0034.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.270] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xae, lpOverlapped=0x0) returned 1 [0034.270] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.271] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xae, lpOverlapped=0x0) returned 1 [0034.271] CloseHandle (hObject=0x48) returned 1 [0034.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5c60 [0034.271] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini.adv")) returned 1 [0034.272] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c60 | out: hHeap=0x6d0000) returned 1 [0034.272] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0034.272] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Programs", cAlternateFileName="")) returned 1 [0034.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5ac0 [0034.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e5b68 [0034.272] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ac0 | out: hHeap=0x6d0000) returned 1 [0034.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5c60 [0034.272] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13f, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0034.272] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13f, cFileName="..", cAlternateFileName="")) returned 1 [0034.272] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13f, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0034.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d18 [0034.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5dd0 [0034.272] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0034.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.272] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5fa8 [0034.272] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.272] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0034.272] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="..", cAlternateFileName="")) returned 1 [0034.273] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0034.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60d0 [0034.273] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e61f8 [0034.273] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d71a60, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0034.273] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d71a60, cFileName="..", cAlternateFileName="")) returned 1 [0034.273] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x1d2dd9c, dwReserved1=0x28d71a60, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0034.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.273] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.273] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2c0, lpOverlapped=0x0) returned 1 [0034.274] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.274] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2c0, lpOverlapped=0x0) returned 1 [0034.274] CloseHandle (hObject=0x54) returned 1 [0034.274] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e6520 [0034.274] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.adv")) returned 1 [0034.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.278] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0x1d2dd9c, dwReserved1=0x28d71a60, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1 [0034.278] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.278] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.279] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x54e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x54e, lpOverlapped=0x0) returned 1 [0034.281] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.282] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x54e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x54e, lpOverlapped=0x0) returned 1 [0034.282] CloseHandle (hObject=0x54) returned 1 [0034.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e6520 [0034.282] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.adv")) returned 1 [0034.283] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.283] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.283] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0x1d2dd9c, dwReserved1=0x28d71a60, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0034.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.283] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.284] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ea, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4ea, lpOverlapped=0x0) returned 1 [0034.286] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.286] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ea, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4ea, lpOverlapped=0x0) returned 1 [0034.286] CloseHandle (hObject=0x54) returned 1 [0034.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e6520 [0034.287] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.adv")) returned 1 [0034.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.292] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x1d2dd9c, dwReserved1=0x28d71a60, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1 [0034.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.293] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ee, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4ee, lpOverlapped=0x0) returned 1 [0034.295] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.295] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ee, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4ee, lpOverlapped=0x0) returned 1 [0034.295] CloseHandle (hObject=0x54) returned 1 [0034.295] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e6520 [0034.295] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.adv")) returned 1 [0034.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.296] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x1d2dd9c, dwReserved1=0x28d71a60, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1 [0034.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.297] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4e2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4e2, lpOverlapped=0x0) returned 1 [0034.309] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.309] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4e2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4e2, lpOverlapped=0x0) returned 1 [0034.309] CloseHandle (hObject=0x54) returned 1 [0034.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e6520 [0034.309] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.adv")) returned 1 [0034.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.311] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x1d2dd9c, dwReserved1=0x28d71a60, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 0 [0034.311] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0034.311] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61f8 | out: hHeap=0x6d0000) returned 1 [0034.311] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60d0 | out: hHeap=0x6d0000) returned 1 [0034.311] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0034.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60d0 [0034.311] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.312] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x500, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x500, lpOverlapped=0x0) returned 1 [0034.314] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.314] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x500, lpOverlapped=0x0) returned 1 [0034.314] CloseHandle (hObject=0x50) returned 1 [0034.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e61f8 [0034.314] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk.adv")) returned 1 [0034.315] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61f8 | out: hHeap=0x6d0000) returned 1 [0034.315] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60d0 | out: hHeap=0x6d0000) returned 1 [0034.315] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0034.315] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.315] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60d0 [0034.315] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.316] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a6, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x2a6, lpOverlapped=0x0) returned 1 [0034.316] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.316] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x2a6, lpOverlapped=0x0) returned 1 [0034.317] CloseHandle (hObject=0x50) returned 1 [0034.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e61f8 [0034.317] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.adv")) returned 1 [0034.319] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61f8 | out: hHeap=0x6d0000) returned 1 [0034.319] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60d0 | out: hHeap=0x6d0000) returned 1 [0034.319] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0034.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60d0 [0034.319] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.321] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x518, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x518, lpOverlapped=0x0) returned 1 [0034.323] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.323] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x518, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x518, lpOverlapped=0x0) returned 1 [0034.324] CloseHandle (hObject=0x50) returned 1 [0034.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e61f8 [0034.324] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk.adv")) returned 1 [0034.325] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61f8 | out: hHeap=0x6d0000) returned 1 [0034.325] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60d0 | out: hHeap=0x6d0000) returned 1 [0034.325] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="Run.lnk", cAlternateFileName="")) returned 1 [0034.325] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.325] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60d0 [0034.325] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.326] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x106, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x106, lpOverlapped=0x0) returned 1 [0034.326] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.326] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x106, lpOverlapped=0x0) returned 1 [0034.327] CloseHandle (hObject=0x50) returned 1 [0034.327] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e61f8 [0034.327] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk.adv")) returned 1 [0034.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61f8 | out: hHeap=0x6d0000) returned 1 [0034.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60d0 | out: hHeap=0x6d0000) returned 1 [0034.328] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0034.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60d0 [0034.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e61f8 [0034.328] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x84, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0034.328] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x84, cFileName="..", cAlternateFileName="")) returned 1 [0034.328] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x84, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0034.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.329] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x106, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x106, lpOverlapped=0x0) returned 1 [0034.330] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.330] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x106, lpOverlapped=0x0) returned 1 [0034.330] CloseHandle (hObject=0x54) returned 1 [0034.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e6520 [0034.330] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk.adv")) returned 1 [0034.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.331] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x84, cFileName="Control Panel.lnk", cAlternateFileName="CONTRO~1.LNK")) returned 1 [0034.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.332] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x106, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x106, lpOverlapped=0x0) returned 1 [0034.333] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.333] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x106, lpOverlapped=0x0) returned 1 [0034.333] CloseHandle (hObject=0x54) returned 1 [0034.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e6520 [0034.333] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk.adv")) returned 1 [0034.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.334] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0x0, dwReserved1=0x84, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0034.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.334] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2e2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2e2, lpOverlapped=0x0) returned 1 [0034.335] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.335] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2e2, lpOverlapped=0x0) returned 1 [0034.335] CloseHandle (hObject=0x54) returned 1 [0034.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e6520 [0034.335] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.adv")) returned 1 [0034.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.336] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5df, dwReserved0=0x0, dwReserved1=0x84, cFileName="Internet Explorer (No Add-ons).lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0034.336] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.336] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.337] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5df, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x5df, lpOverlapped=0x0) returned 1 [0034.339] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.339] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5df, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x5df, lpOverlapped=0x0) returned 1 [0034.339] CloseHandle (hObject=0x54) returned 1 [0034.339] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e6520 [0034.339] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.adv")) returned 1 [0034.340] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.340] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.340] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x84, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1 [0034.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e62e0 [0034.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e63c8 [0034.340] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e62e0 | out: hHeap=0x6d0000) returned 1 [0034.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.341] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x51a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x51a, lpOverlapped=0x0) returned 1 [0034.343] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.343] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x51a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x51a, lpOverlapped=0x0) returned 1 [0034.343] CloseHandle (hObject=0x54) returned 1 [0034.343] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e6520 [0034.343] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.adv")) returned 1 [0034.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6520 | out: hHeap=0x6d0000) returned 1 [0034.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e63c8 | out: hHeap=0x6d0000) returned 1 [0034.344] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x84, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 0 [0034.344] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0034.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61f8 | out: hHeap=0x6d0000) returned 1 [0034.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60d0 | out: hHeap=0x6d0000) returned 1 [0034.344] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0034.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60d0 [0034.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.345] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4cc, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0034.349] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.349] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4cc, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0034.349] CloseHandle (hObject=0x50) returned 1 [0034.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e61f8 [0034.349] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk.adv")) returned 1 [0034.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61f8 | out: hHeap=0x6d0000) returned 1 [0034.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60d0 | out: hHeap=0x6d0000) returned 1 [0034.350] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0034.350] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0034.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fa8 | out: hHeap=0x6d0000) returned 1 [0034.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dd0 | out: hHeap=0x6d0000) returned 1 [0034.350] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13f, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0034.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d18 [0034.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5dd0 [0034.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0034.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5ee0 [0034.350] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0034.350] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="..", cAlternateFileName="")) returned 1 [0034.350] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0034.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5fc8 [0034.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14e) returned 0x6e60b0 [0034.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fc8 | out: hHeap=0x6d0000) returned 1 [0034.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.351] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xae, lpOverlapped=0x0) returned 1 [0034.351] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.351] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xae, lpOverlapped=0x0) returned 1 [0034.352] CloseHandle (hObject=0x50) returned 1 [0034.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e6208 [0034.352] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.adv")) returned 1 [0034.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6208 | out: hHeap=0x6d0000) returned 1 [0034.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60b0 | out: hHeap=0x6d0000) returned 1 [0034.353] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x2d7ae880, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0034.353] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0034.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dd0 | out: hHeap=0x6d0000) returned 1 [0034.353] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0x0, dwReserved1=0x13f, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0034.353] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d18 [0034.353] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5dd0 [0034.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0034.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.353] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1dc, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1dc, lpOverlapped=0x0) returned 1 [0034.360] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.360] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1dc, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1dc, lpOverlapped=0x0) returned 1 [0034.360] CloseHandle (hObject=0x4c) returned 1 [0034.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5ee0 [0034.360] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini.adv")) returned 1 [0034.361] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.361] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dd0 | out: hHeap=0x6d0000) returned 1 [0034.361] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x0, dwReserved1=0x13f, cFileName="Internet Explorer (64-bit).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0034.361] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d18 [0034.361] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5dd0 [0034.361] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0034.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.362] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x58b, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x58b, lpOverlapped=0x0) returned 1 [0034.367] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.367] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x58b, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x58b, lpOverlapped=0x0) returned 1 [0034.367] CloseHandle (hObject=0x4c) returned 1 [0034.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5ee0 [0034.367] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk.adv")) returned 1 [0034.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dd0 | out: hHeap=0x6d0000) returned 1 [0034.368] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x13f, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0034.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d18 [0034.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5dd0 [0034.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0034.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.369] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5ad, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x5ad, lpOverlapped=0x0) returned 1 [0034.372] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.372] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5ad, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x5ad, lpOverlapped=0x0) returned 1 [0034.372] CloseHandle (hObject=0x4c) returned 1 [0034.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5ee0 [0034.373] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk.adv")) returned 1 [0034.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dd0 | out: hHeap=0x6d0000) returned 1 [0034.374] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13f, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0034.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d18 [0034.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5dd0 [0034.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0034.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5fa8 [0034.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.374] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe6, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0034.374] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe6, cFileName="..", cAlternateFileName="")) returned 1 [0034.374] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0xe6, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0034.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60d0 [0034.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.375] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13e, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x13e, lpOverlapped=0x0) returned 1 [0034.375] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.375] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x13e, lpOverlapped=0x0) returned 1 [0034.375] CloseHandle (hObject=0x50) returned 1 [0034.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e61f8 [0034.375] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.adv")) returned 1 [0034.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61f8 | out: hHeap=0x6d0000) returned 1 [0034.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60d0 | out: hHeap=0x6d0000) returned 1 [0034.376] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0xe6, cFileName="Help.lnk", cAlternateFileName="")) returned 1 [0034.377] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.377] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e60d0 [0034.377] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.377] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x106, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x106, lpOverlapped=0x0) returned 1 [0034.378] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.378] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x106, lpOverlapped=0x0) returned 1 [0034.378] CloseHandle (hObject=0x50) returned 1 [0034.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e61f8 [0034.378] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk.adv")) returned 1 [0034.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61f8 | out: hHeap=0x6d0000) returned 1 [0034.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e60d0 | out: hHeap=0x6d0000) returned 1 [0034.379] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0xe6, cFileName="Help.lnk", cAlternateFileName="")) returned 0 [0034.379] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0034.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fa8 | out: hHeap=0x6d0000) returned 1 [0034.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dd0 | out: hHeap=0x6d0000) returned 1 [0034.379] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13f, cFileName="Startup", cAlternateFileName="")) returned 1 [0034.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5d18 [0034.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5dd0 [0034.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d18 | out: hHeap=0x6d0000) returned 1 [0034.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5ee0 [0034.380] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe6, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0034.380] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe6, cFileName="..", cAlternateFileName="")) returned 1 [0034.380] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0xe6, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0034.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5fa8 [0034.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e6070 [0034.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5fa8 | out: hHeap=0x6d0000) returned 1 [0034.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.380] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xae, lpOverlapped=0x0) returned 1 [0034.381] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.381] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xae, lpOverlapped=0x0) returned 1 [0034.381] CloseHandle (hObject=0x50) returned 1 [0034.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e6198 [0034.381] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.adv")) returned 1 [0034.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6198 | out: hHeap=0x6d0000) returned 1 [0034.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6070 | out: hHeap=0x6d0000) returned 1 [0034.382] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0xe6, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0034.382] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0034.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ee0 | out: hHeap=0x6d0000) returned 1 [0034.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5dd0 | out: hHeap=0x6d0000) returned 1 [0034.382] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x13f, cFileName="Startup", cAlternateFileName="")) returned 0 [0034.382] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0034.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c60 | out: hHeap=0x6d0000) returned 1 [0034.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b68 | out: hHeap=0x6d0000) returned 1 [0034.382] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="Programs", cAlternateFileName="")) returned 0 [0034.383] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0034.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0034.383] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0034.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0034.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0034.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0034.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5a18 [0034.383] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0034.383] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0034.383] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 0 [0034.383] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0034.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0034.383] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Themes", cAlternateFileName="")) returned 1 [0034.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0034.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0ab0 [0034.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0034.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5ab0 [0034.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.384] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0034.384] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="..", cAlternateFileName="")) returned 1 [0034.384] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd9d7d3c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x9cfab, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 1 [0034.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5a18 [0034.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5b90 [0034.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a18 | out: hHeap=0x6d0000) returned 1 [0034.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.384] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9cfab, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x9cfab, lpOverlapped=0x0) returned 1 [0034.392] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.392] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9cfab, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x9cfab, lpOverlapped=0x0) returned 1 [0034.393] CloseHandle (hObject=0x48) returned 1 [0034.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5c70 [0034.393] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.adv")) returned 1 [0034.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c70 | out: hHeap=0x6d0000) returned 1 [0034.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b90 | out: hHeap=0x6d0000) returned 1 [0034.394] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd9d7d3c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x9cfab, dwReserved0=0x1d2dd9c, dwReserved1=0x28cff640, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 0 [0034.394] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0034.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab0 | out: hHeap=0x6d0000) returned 1 [0034.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab0 | out: hHeap=0x6d0000) returned 1 [0034.394] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="Themes", cAlternateFileName="")) returned 0 [0034.394] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0034.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e8 | out: hHeap=0x6d0000) returned 1 [0034.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0034.394] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Word", cAlternateFileName="")) returned 1 [0034.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e58f0 [0034.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0034.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e58f0 | out: hHeap=0x6d0000) returned 1 [0034.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0960 [0034.394] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0034.396] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="..", cAlternateFileName="")) returned 1 [0034.396] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0034.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f09e8 [0034.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0a70 [0034.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e8 | out: hHeap=0x6d0000) returned 1 [0034.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0b38 [0034.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x27c7d150, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0034.397] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x27c7d150, cFileName="..", cAlternateFileName="")) returned 1 [0034.397] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0x27c7d150, cFileName="..", cAlternateFileName="")) returned 0 [0034.397] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0034.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b38 | out: hHeap=0x6d0000) returned 1 [0034.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a70 | out: hHeap=0x6d0000) returned 1 [0034.398] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x8d940a0, cFileName="STARTUP", cAlternateFileName="")) returned 0 [0034.398] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0034.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0034.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0034.399] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Word", cAlternateFileName="")) returned 0 [0034.399] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0034.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5968 | out: hHeap=0x6d0000) returned 1 [0034.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5858 | out: hHeap=0x6d0000) returned 1 [0034.399] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0034.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0034.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0034.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0034.399] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0034.399] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="..", cAlternateFileName="")) returned 1 [0034.399] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0034.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0034.399] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb458e750, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0034.407] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb458e750, cFileName="..", cAlternateFileName="")) returned 1 [0034.407] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb458e750, cFileName="..", cAlternateFileName="")) returned 0 [0034.407] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0034.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b50 | out: hHeap=0x6d0000) returned 1 [0034.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0034.407] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Firefox", cAlternateFileName="")) returned 1 [0034.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0034.407] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb458e750, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0034.411] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb458e750, cFileName="..", cAlternateFileName="")) returned 1 [0034.411] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb458e750, cFileName="Crash Reports", cAlternateFileName="CRASHR~1")) returned 1 [0034.411] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0034.411] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb26740e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0034.413] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb26740e0, cFileName="..", cAlternateFileName="")) returned 1 [0034.447] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x1d2dda4, dwReserved1=0xb26740e0, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 1 [0034.447] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59e8 | out: hHeap=0x6d0000) returned 1 [0034.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0034.540] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa, lpOverlapped=0x0) returned 1 [0034.540] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.540] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa, lpOverlapped=0x0) returned 1 [0034.541] CloseHandle (hObject=0x48) returned 1 [0034.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5b88 [0034.542] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332.adv")) returned 1 [0034.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b88 | out: hHeap=0x6d0000) returned 1 [0034.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5a90 | out: hHeap=0x6d0000) returned 1 [0034.543] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x1d2dda4, dwReserved1=0xb26740e0, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 0 [0034.543] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0034.543] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb458e750, cFileName="Profiles", cAlternateFileName="")) returned 1 [0034.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e57f0 [0034.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5878 [0034.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb26740e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0034.570] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb26740e0, cFileName="..", cAlternateFileName="")) returned 1 [0034.570] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb26740e0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0034.570] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e5940 [0034.570] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e5ab8 [0034.570] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0034.643] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="..", cAlternateFileName="")) returned 1 [0034.694] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="addons.json", cAlternateFileName="ADDONS~1.JSO")) returned 1 [0034.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.702] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0034.704] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.704] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0034.704] CloseHandle (hObject=0x4c) returned 1 [0034.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0034.705] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json.adv")) returned 1 [0034.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.706] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0034.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0034.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e5f48 [0034.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.706] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf8, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0034.752] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf8, cFileName="..", cAlternateFileName="")) returned 1 [0034.752] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0xf8, cFileName="bookmarks-2017-06-05_5.json", cAlternateFileName="BOOKMA~1.JSO")) returned 1 [0034.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0034.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e6088 [0034.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.753] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbdb, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xbdb, lpOverlapped=0x0) returned 1 [0034.754] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.754] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbdb, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xbdb, lpOverlapped=0x0) returned 1 [0034.754] CloseHandle (hObject=0x50) returned 1 [0034.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e61c8 [0034.755] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.adv")) returned 1 [0034.756] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61c8 | out: hHeap=0x6d0000) returned 1 [0034.756] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6088 | out: hHeap=0x6d0000) returned 1 [0034.756] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0xf8, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 1 [0034.756] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0034.756] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e6088 [0034.756] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0034.757] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbdb, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xbdb, lpOverlapped=0x0) returned 1 [0034.758] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.758] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbdb, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xbdb, lpOverlapped=0x0) returned 1 [0034.759] CloseHandle (hObject=0x50) returned 1 [0034.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e61c8 [0034.759] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.adv")) returned 1 [0034.759] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e61c8 | out: hHeap=0x6d0000) returned 1 [0034.759] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6088 | out: hHeap=0x6d0000) returned 1 [0034.759] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0xf8, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 0 [0034.759] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0034.760] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f48 | out: hHeap=0x6d0000) returned 1 [0034.760] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.760] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="cert8.db", cAlternateFileName="")) returned 1 [0034.760] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.760] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.760] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.761] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x10000, lpOverlapped=0x0) returned 1 [0034.763] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.763] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x10000, lpOverlapped=0x0) returned 1 [0034.763] CloseHandle (hObject=0x4c) returned 1 [0034.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0034.763] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db.adv")) returned 1 [0034.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.764] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="compatibility.ini", cAlternateFileName="COMPAT~1.INI")) returned 1 [0034.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.764] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xce, lpOverlapped=0x0) returned 1 [0034.765] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.765] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xce, lpOverlapped=0x0) returned 1 [0034.765] CloseHandle (hObject=0x4c) returned 1 [0034.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0034.765] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.adv")) returned 1 [0034.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.768] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb639bd10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x38000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="content-prefs.sqlite", cAlternateFileName="CONTEN~1.SQL")) returned 1 [0034.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.769] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x38000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x38000, lpOverlapped=0x0) returned 1 [0034.771] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.771] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x38000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x38000, lpOverlapped=0x0) returned 1 [0034.772] CloseHandle (hObject=0x4c) returned 1 [0034.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e5e70 [0034.772] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite.adv")) returned 1 [0034.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.773] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="cookies.sqlite", cAlternateFileName="COOKIE~1.SQL")) returned 1 [0034.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.773] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x80000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x80000, lpOverlapped=0x0) returned 1 [0034.795] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.795] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x80000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x80000, lpOverlapped=0x0) returned 1 [0034.797] CloseHandle (hObject=0x4c) returned 1 [0034.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0034.797] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite.adv")) returned 1 [0034.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.797] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbc555e20, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="downloads.sqlite", cAlternateFileName="DOWNLO~1.SQL")) returned 1 [0034.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.798] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x18000, lpOverlapped=0x0) returned 1 [0034.801] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.801] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x18000, lpOverlapped=0x0) returned 1 [0034.806] CloseHandle (hObject=0x4c) returned 1 [0034.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0034.806] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite.adv")) returned 1 [0034.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.807] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b81e50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x8d, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="extensions.ini", cAlternateFileName="EXTENS~1.INI")) returned 1 [0034.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.808] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8d, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x8d, lpOverlapped=0x0) returned 1 [0034.809] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.809] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8d, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x8d, lpOverlapped=0x0) returned 1 [0034.809] CloseHandle (hObject=0x4c) returned 1 [0034.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0034.809] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.adv")) returned 1 [0034.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.809] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b0fa30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x70000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="extensions.sqlite", cAlternateFileName="EXTENS~1.SQL")) returned 1 [0034.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.810] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x70000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x70000, lpOverlapped=0x0) returned 1 [0034.831] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.831] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x70000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x70000, lpOverlapped=0x0) returned 1 [0034.840] CloseHandle (hObject=0x4c) returned 1 [0034.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0034.840] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite.adv")) returned 1 [0034.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.845] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="indexedDB", cAlternateFileName="INDEXE~1")) returned 1 [0034.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0034.845] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf4, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0034.854] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf4, cFileName="..", cAlternateFileName="")) returned 1 [0034.854] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf4, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 1 [0034.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5f48 [0034.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e6020 [0034.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f48 | out: hHeap=0x6d0000) returned 1 [0034.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e6160 [0034.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb701b090, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0034.860] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb701b090, cFileName="..", cAlternateFileName="")) returned 1 [0034.860] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb701b090, cFileName=".metadata", cAlternateFileName="METADA~1")) returned 1 [0034.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e6258 [0034.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e6350 [0034.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6258 | out: hHeap=0x6d0000) returned 1 [0034.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0034.866] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.866] CloseHandle (hObject=0x54) returned 1 [0034.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e64c0 [0034.866] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata.adv")) returned 1 [0034.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e64c0 | out: hHeap=0x6d0000) returned 1 [0034.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6350 | out: hHeap=0x6d0000) returned 1 [0034.866] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb701b090, cFileName="idb", cAlternateFileName="")) returned 1 [0034.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e6258 [0034.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e6350 [0034.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6258 | out: hHeap=0x6d0000) returned 1 [0034.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e64c0 [0034.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1f, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0034.869] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1f, cFileName="..", cAlternateFileName="")) returned 1 [0034.869] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1f, cFileName="818200132aebmoouht", cAlternateFileName="818200~1")) returned 1 [0034.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e65c8 [0034.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ea7f8 [0034.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e65c8 | out: hHeap=0x6d0000) returned 1 [0034.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e65c8 [0034.869] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*", lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb8110d50, cFileName=".", cAlternateFileName="")) returned 0x6edac8 [0034.908] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb8110d50, cFileName="..", cAlternateFileName="")) returned 1 [0034.908] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31d420 | out: lpFindFileData=0x31d420*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb8110d50, cFileName="..", cAlternateFileName="")) returned 0 [0034.908] FindClose (in: hFindFile=0x6edac8 | out: hFindFile=0x6edac8) returned 1 [0034.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e65c8 | out: hHeap=0x6d0000) returned 1 [0034.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0034.908] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x0, dwReserved1=0x1f, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 1 [0034.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e65c8 [0034.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x17e) returned 0x6ea7f8 [0034.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e65c8 | out: hHeap=0x6d0000) returned 1 [0034.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0034.934] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa0000, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xa0000, lpOverlapped=0x0) returned 1 [0034.943] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.943] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa0000, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xa0000, lpOverlapped=0x0) returned 1 [0034.944] CloseHandle (hObject=0x58) returned 1 [0034.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e65c8 [0034.944] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.adv")) returned 1 [0034.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e65c8 | out: hHeap=0x6d0000) returned 1 [0034.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0034.945] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x0, dwReserved1=0x1f, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 0 [0034.945] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0034.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e64c0 | out: hHeap=0x6d0000) returned 1 [0034.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6350 | out: hHeap=0x6d0000) returned 1 [0034.946] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb701b090, cFileName="idb", cAlternateFileName="")) returned 0 [0034.946] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0034.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6160 | out: hHeap=0x6d0000) returned 1 [0034.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6020 | out: hHeap=0x6d0000) returned 1 [0034.946] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf4, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 0 [0034.946] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0034.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.946] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="key3.db", cAlternateFileName="")) returned 1 [0034.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.946] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0034.949] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.949] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0034.949] CloseHandle (hObject=0x4c) returned 1 [0034.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0034.949] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db.adv")) returned 1 [0034.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.950] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x850d63f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x501, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="localstore.rdf", cAlternateFileName="LOCALS~1.RDF")) returned 1 [0034.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.951] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x501, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x501, lpOverlapped=0x0) returned 1 [0034.952] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.952] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x501, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x501, lpOverlapped=0x0) returned 1 [0034.953] CloseHandle (hObject=0x4c) returned 1 [0034.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0034.953] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf.adv")) returned 1 [0034.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.953] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="marionette.log", cAlternateFileName="MARION~1.LOG")) returned 1 [0034.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.954] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x39, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x39, lpOverlapped=0x0) returned 1 [0034.955] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.955] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x39, lpOverlapped=0x0) returned 1 [0034.955] CloseHandle (hObject=0x4c) returned 1 [0034.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0034.955] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.adv")) returned 1 [0034.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.956] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb5175550, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xef3, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="mimeTypes.rdf", cAlternateFileName="MIMETY~1.RDF")) returned 1 [0034.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.957] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xef3, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xef3, lpOverlapped=0x0) returned 1 [0034.958] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.958] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xef3, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xef3, lpOverlapped=0x0) returned 1 [0034.958] CloseHandle (hObject=0x4c) returned 1 [0034.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0034.959] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf.adv")) returned 1 [0034.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.959] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="minidumps", cAlternateFileName="MINIDU~1")) returned 1 [0034.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0034.959] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf5, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0034.960] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf5, cFileName="..", cAlternateFileName="")) returned 1 [0034.960] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf5, cFileName="..", cAlternateFileName="")) returned 0 [0034.960] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0034.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.960] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="parent.lock", cAlternateFileName="PARENT~1.LOC")) returned 1 [0034.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.961] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.961] CloseHandle (hObject=0x4c) returned 1 [0034.961] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0034.961] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock.adv")) returned 1 [0034.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.963] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3b3f6e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="permissions.sqlite", cAlternateFileName="PERMIS~1.SQL")) returned 1 [0034.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.963] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x10000, lpOverlapped=0x0) returned 1 [0034.965] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0034.965] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x10000, lpOverlapped=0x0) returned 1 [0034.966] CloseHandle (hObject=0x4c) returned 1 [0034.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0034.966] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite.adv")) returned 1 [0034.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0034.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0034.966] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x82b58970, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa00000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="places.sqlite", cAlternateFileName="PLACES~1.SQL")) returned 1 [0034.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0034.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0034.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0034.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0034.967] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xa00000, lpOverlapped=0x0) returned 1 [0035.166] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.167] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa00000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xa00000, lpOverlapped=0x0) returned 1 [0035.294] CloseHandle (hObject=0x4c) returned 1 [0035.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0035.294] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite.adv")) returned 1 [0035.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.296] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="pluginreg.dat", cAlternateFileName="PLUGIN~1.DAT")) returned 1 [0035.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0035.296] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe14, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xe14, lpOverlapped=0x0) returned 1 [0035.300] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.300] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe14, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xe14, lpOverlapped=0x0) returned 1 [0035.300] CloseHandle (hObject=0x4c) returned 1 [0035.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0035.300] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat.adv")) returned 1 [0035.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.301] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x12069be0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="prefs.js", cAlternateFileName="")) returned 1 [0035.301] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.301] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0035.303] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfde, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xfde, lpOverlapped=0x0) returned 1 [0035.305] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.305] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfde, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xfde, lpOverlapped=0x0) returned 1 [0035.305] CloseHandle (hObject=0x4c) returned 1 [0035.305] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0035.306] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js.adv")) returned 1 [0035.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.306] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6fa8c70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4183, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="search.json", cAlternateFileName="SEARCH~1.JSO")) returned 1 [0035.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0035.307] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4183, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4183, lpOverlapped=0x0) returned 1 [0035.309] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.309] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4183, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4183, lpOverlapped=0x0) returned 1 [0035.309] CloseHandle (hObject=0x4c) returned 1 [0035.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0035.309] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json.adv")) returned 1 [0035.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.310] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb47c9bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="secmod.db", cAlternateFileName="")) returned 1 [0035.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0035.311] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0035.313] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.313] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0035.313] CloseHandle (hObject=0x4c) returned 1 [0035.313] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0035.313] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db.adv")) returned 1 [0035.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.314] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3787480, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="sessionstore.bak", cAlternateFileName="SESSIO~1.BAK")) returned 1 [0035.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.314] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0035.314] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d6, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x3d6, lpOverlapped=0x0) returned 1 [0035.316] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.316] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d6, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x3d6, lpOverlapped=0x0) returned 1 [0035.316] CloseHandle (hObject=0x4c) returned 1 [0035.316] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0035.316] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak.adv")) returned 1 [0035.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.317] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x84e029d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbc5, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="sessionstore.js", cAlternateFileName="SESSIO~1.JS")) returned 1 [0035.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.317] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0035.318] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbc5, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xbc5, lpOverlapped=0x0) returned 1 [0035.319] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.319] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbc5, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xbc5, lpOverlapped=0x0) returned 1 [0035.319] CloseHandle (hObject=0x4c) returned 1 [0035.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0035.319] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js.adv")) returned 1 [0035.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.320] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6f36850, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x50000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="signons.sqlite", cAlternateFileName="SIGNON~1.SQL")) returned 1 [0035.320] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.320] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.320] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0035.320] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x50000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x50000, lpOverlapped=0x0) returned 1 [0035.325] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.325] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x50000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x50000, lpOverlapped=0x0) returned 1 [0035.326] CloseHandle (hObject=0x4c) returned 1 [0035.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0035.326] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite.adv")) returned 1 [0035.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.327] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1d, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="times.json", cAlternateFileName="TIMES~1.JSO")) returned 1 [0035.327] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.327] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.327] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0035.328] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1d, lpOverlapped=0x0) returned 1 [0035.329] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.329] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1d, lpOverlapped=0x0) returned 1 [0035.329] CloseHandle (hObject=0x4c) returned 1 [0035.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e5e70 [0035.329] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.adv")) returned 1 [0035.330] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.330] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.330] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="webapps", cAlternateFileName="")) returned 1 [0035.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.330] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5e70 [0035.330] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e5f38 [0035.330] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.330] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf8, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0035.331] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf8, cFileName="..", cAlternateFileName="")) returned 1 [0035.331] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0xf8, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 1 [0035.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e5e70 [0035.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e6060 [0035.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0035.331] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x2, lpOverlapped=0x0) returned 1 [0035.332] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.332] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x2, lpOverlapped=0x0) returned 1 [0035.332] CloseHandle (hObject=0x50) returned 1 [0035.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e6188 [0035.333] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.adv")) returned 1 [0035.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6188 | out: hHeap=0x6d0000) returned 1 [0035.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6060 | out: hHeap=0x6d0000) returned 1 [0035.333] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0xf8, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 0 [0035.333] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0035.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5f38 | out: hHeap=0x6d0000) returned 1 [0035.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.333] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 1 [0035.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e5b98 [0035.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e5d60 [0035.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5b98 | out: hHeap=0x6d0000) returned 1 [0035.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0035.334] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x18000, lpOverlapped=0x0) returned 1 [0035.337] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.337] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x18000, lpOverlapped=0x0) returned 1 [0035.338] CloseHandle (hObject=0x4c) returned 1 [0035.338] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e5e70 [0035.338] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite.adv")) returned 1 [0035.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5e70 | out: hHeap=0x6d0000) returned 1 [0035.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5d60 | out: hHeap=0x6d0000) returned 1 [0035.339] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x1d2dda4, dwReserved1=0xb264df80, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 0 [0035.339] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0035.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5c50 | out: hHeap=0x6d0000) returned 1 [0035.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5ab8 | out: hHeap=0x6d0000) returned 1 [0035.339] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xb26740e0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 0 [0035.339] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0035.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e59d8 | out: hHeap=0x6d0000) returned 1 [0035.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5878 | out: hHeap=0x6d0000) returned 1 [0035.339] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x1d2dda4, dwReserved1=0xb458e750, cFileName="profiles.ini", cAlternateFileName="")) returned 1 [0035.339] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e57f0 [0035.339] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e5878 [0035.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e57f0 | out: hHeap=0x6d0000) returned 1 [0035.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.339] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6f, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x6f, lpOverlapped=0x0) returned 1 [0035.340] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.340] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6f, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x6f, lpOverlapped=0x0) returned 1 [0035.340] CloseHandle (hObject=0x44) returned 1 [0035.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e5940 [0035.340] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.adv")) returned 1 [0035.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5940 | out: hHeap=0x6d0000) returned 1 [0035.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5878 | out: hHeap=0x6d0000) returned 1 [0035.341] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x1d2dda4, dwReserved1=0xb458e750, cFileName="profiles.ini", cAlternateFileName="")) returned 0 [0035.341] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0035.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b50 | out: hHeap=0x6d0000) returned 1 [0035.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0035.341] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1b8, cFileName="Firefox", cAlternateFileName="")) returned 0 [0035.341] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.341] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeadabfb0, ftCreationTime.dwHighDateTime=0x1d5c406, ftLastAccessTime.dwLowDateTime=0xe73c2fa0, ftLastAccessTime.dwHighDateTime=0x1d5ba57, ftLastWriteTime.dwLowDateTime=0xe73c2fa0, ftLastWriteTime.dwHighDateTime=0x1d5ba57, nFileSizeHigh=0x0, nFileSizeLow=0x10895, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="nhxY.odt", cAlternateFileName="")) returned 1 [0035.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nhxY.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nhxy.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.342] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10895, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x10895, lpOverlapped=0x0) returned 1 [0035.343] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.343] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10895, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x10895, lpOverlapped=0x0) returned 1 [0035.343] CloseHandle (hObject=0x3c) returned 1 [0035.343] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f09b0 [0035.343] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nhxY.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nhxy.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nhxY.odt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nhxy.odt.adv")) returned 1 [0035.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.344] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2912ca50, ftCreationTime.dwHighDateTime=0x1d5bde7, ftLastAccessTime.dwLowDateTime=0xdc95b910, ftLastAccessTime.dwHighDateTime=0x1d5babe, ftLastWriteTime.dwLowDateTime=0xdc95b910, ftLastWriteTime.dwHighDateTime=0x1d5babe, nFileSizeHigh=0x0, nFileSizeLow=0x17707, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="nQS4_XxMleLMP.odp", cAlternateFileName="NQS4_X~1.ODP")) returned 1 [0035.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nQS4_XxMleLMP.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nqs4_xxmlelmp.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.345] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17707, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x17707, lpOverlapped=0x0) returned 1 [0035.346] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.346] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17707, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x17707, lpOverlapped=0x0) returned 1 [0035.346] CloseHandle (hObject=0x3c) returned 1 [0035.346] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.346] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nQS4_XxMleLMP.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nqs4_xxmlelmp.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\nQS4_XxMleLMP.odp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nqs4_xxmlelmp.odp.adv")) returned 1 [0035.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.347] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4487b60, ftCreationTime.dwHighDateTime=0x1d5c42b, ftLastAccessTime.dwLowDateTime=0x10a41260, ftLastAccessTime.dwHighDateTime=0x1d5c519, ftLastWriteTime.dwLowDateTime=0x10a41260, ftLastWriteTime.dwHighDateTime=0x1d5c519, nFileSizeHigh=0x0, nFileSizeLow=0x14399, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="O3XOPEcRxINo7Dd9.csv", cAlternateFileName="O3XOPE~1.CSV")) returned 1 [0035.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0918 [0035.347] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\O3XOPEcRxINo7Dd9.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\o3xopecrxino7dd9.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.348] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14399, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x14399, lpOverlapped=0x0) returned 1 [0035.349] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.349] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14399, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x14399, lpOverlapped=0x0) returned 1 [0035.349] CloseHandle (hObject=0x3c) returned 1 [0035.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.349] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\O3XOPEcRxINo7Dd9.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\o3xopecrxino7dd9.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\O3XOPEcRxINo7Dd9.csv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\o3xopecrxino7dd9.csv.adv")) returned 1 [0035.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.350] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef808120, ftCreationTime.dwHighDateTime=0x1d5bfc0, ftLastAccessTime.dwLowDateTime=0x13918cc0, ftLastAccessTime.dwHighDateTime=0x1d5c5c6, ftLastWriteTime.dwLowDateTime=0x13918cc0, ftLastWriteTime.dwHighDateTime=0x1d5c5c6, nFileSizeHigh=0x0, nFileSizeLow=0x10ed8, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="oUBEUXGC.jpg", cAlternateFileName="")) returned 1 [0035.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\oUBEUXGC.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oubeuxgc.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.350] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10ed8, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x10ed8, lpOverlapped=0x0) returned 1 [0035.351] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.351] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10ed8, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x10ed8, lpOverlapped=0x0) returned 1 [0035.352] CloseHandle (hObject=0x3c) returned 1 [0035.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f09b0 [0035.352] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\oUBEUXGC.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oubeuxgc.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\oUBEUXGC.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oubeuxgc.jpg.adv")) returned 1 [0035.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.353] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb02ece20, ftCreationTime.dwHighDateTime=0x1d5c338, ftLastAccessTime.dwLowDateTime=0x7d1e4790, ftLastAccessTime.dwHighDateTime=0x1d5c428, ftLastWriteTime.dwLowDateTime=0x7d1e4790, ftLastWriteTime.dwHighDateTime=0x1d5c428, nFileSizeHigh=0x0, nFileSizeLow=0xf42d, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="OvdBYnOpkctk1H8.pptx", cAlternateFileName="OVDBYN~1.PPT")) returned 1 [0035.353] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.353] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0918 [0035.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OvdBYnOpkctk1H8.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ovdbynopkctk1h8.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.354] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf42d, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xf42d, lpOverlapped=0x0) returned 1 [0035.355] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.355] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf42d, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xf42d, lpOverlapped=0x0) returned 1 [0035.355] CloseHandle (hObject=0x3c) returned 1 [0035.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.355] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OvdBYnOpkctk1H8.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ovdbynopkctk1h8.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OvdBYnOpkctk1H8.pptx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ovdbynopkctk1h8.pptx.adv")) returned 1 [0035.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.356] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bb6e40, ftCreationTime.dwHighDateTime=0x1d5bd5d, ftLastAccessTime.dwLowDateTime=0x97eaac00, ftLastAccessTime.dwHighDateTime=0x1d5c340, ftLastWriteTime.dwLowDateTime=0x97eaac00, ftLastWriteTime.dwHighDateTime=0x1d5c340, nFileSizeHigh=0x0, nFileSizeLow=0x130b, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="o_i47fol-O1o8 faK.m4a", cAlternateFileName="O_I47F~1.M4A")) returned 1 [0035.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0918 [0035.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\o_i47fol-O1o8 faK.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\o_i47fol-o1o8 fak.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.357] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x130b, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x130b, lpOverlapped=0x0) returned 1 [0035.358] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.358] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x130b, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x130b, lpOverlapped=0x0) returned 1 [0035.358] CloseHandle (hObject=0x3c) returned 1 [0035.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.358] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\o_i47fol-O1o8 faK.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\o_i47fol-o1o8 fak.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\o_i47fol-O1o8 faK.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\o_i47fol-o1o8 fak.m4a.adv")) returned 1 [0035.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.359] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3f29050, ftCreationTime.dwHighDateTime=0x1d5bd94, ftLastAccessTime.dwLowDateTime=0xfbd43f50, ftLastAccessTime.dwHighDateTime=0x1d5c5f8, ftLastWriteTime.dwLowDateTime=0xfbd43f50, ftLastWriteTime.dwHighDateTime=0x1d5c5f8, nFileSizeHigh=0x0, nFileSizeLow=0xaedd, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="qG5fB9.wav", cAlternateFileName="")) returned 1 [0035.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qG5fB9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qg5fb9.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.360] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaedd, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xaedd, lpOverlapped=0x0) returned 1 [0035.360] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.360] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaedd, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xaedd, lpOverlapped=0x0) returned 1 [0035.361] CloseHandle (hObject=0x3c) returned 1 [0035.361] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f09b0 [0035.361] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qG5fB9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qg5fb9.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qG5fB9.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qg5fb9.wav.adv")) returned 1 [0035.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.363] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2df158f0, ftCreationTime.dwHighDateTime=0x1d5bed9, ftLastAccessTime.dwLowDateTime=0x9a6aaed0, ftLastAccessTime.dwHighDateTime=0x1d5c3fe, ftLastWriteTime.dwLowDateTime=0x9a6aaed0, ftLastWriteTime.dwHighDateTime=0x1d5c3fe, nFileSizeHigh=0x0, nFileSizeLow=0x1809f, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="Qxk9D4oSxEeVAtQyXcK.mp3", cAlternateFileName="QXK9D4~1.MP3")) returned 1 [0035.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0918 [0035.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Qxk9D4oSxEeVAtQyXcK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qxk9d4osxeevatqyxck.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.363] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1809f, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1809f, lpOverlapped=0x0) returned 1 [0035.364] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.364] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1809f, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1809f, lpOverlapped=0x0) returned 1 [0035.365] CloseHandle (hObject=0x3c) returned 1 [0035.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09b0 [0035.365] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Qxk9D4oSxEeVAtQyXcK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qxk9d4osxeevatqyxck.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Qxk9D4oSxEeVAtQyXcK.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qxk9d4osxeevatqyxck.mp3.adv")) returned 1 [0035.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.366] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa104b410, ftCreationTime.dwHighDateTime=0x1d5c206, ftLastAccessTime.dwLowDateTime=0xdc523d30, ftLastAccessTime.dwHighDateTime=0x1d5c31e, ftLastWriteTime.dwLowDateTime=0xdc523d30, ftLastWriteTime.dwHighDateTime=0x1d5c31e, nFileSizeHigh=0x0, nFileSizeLow=0xa8e3, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="TgPmcqDbso7tGf4.png", cAlternateFileName="TGPMCQ~1.PNG")) returned 1 [0035.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0918 [0035.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TgPmcqDbso7tGf4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tgpmcqdbso7tgf4.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.366] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa8e3, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xa8e3, lpOverlapped=0x0) returned 1 [0035.367] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.367] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa8e3, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xa8e3, lpOverlapped=0x0) returned 1 [0035.368] CloseHandle (hObject=0x3c) returned 1 [0035.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.368] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TgPmcqDbso7tGf4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tgpmcqdbso7tgf4.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TgPmcqDbso7tGf4.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tgpmcqdbso7tgf4.png.adv")) returned 1 [0035.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.369] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9d72490, ftCreationTime.dwHighDateTime=0x1d5b7f4, ftLastAccessTime.dwLowDateTime=0x394cca00, ftLastAccessTime.dwHighDateTime=0x1d5c117, ftLastWriteTime.dwLowDateTime=0x394cca00, ftLastWriteTime.dwHighDateTime=0x1d5c117, nFileSizeHigh=0x0, nFileSizeLow=0xc14e, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="TigEWcNTUlCLoEC.wav", cAlternateFileName="TIGEWC~1.WAV")) returned 1 [0035.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0918 [0035.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TigEWcNTUlCLoEC.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tigewcntulcloec.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.369] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc14e, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xc14e, lpOverlapped=0x0) returned 1 [0035.370] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.370] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc14e, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xc14e, lpOverlapped=0x0) returned 1 [0035.371] CloseHandle (hObject=0x3c) returned 1 [0035.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.371] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TigEWcNTUlCLoEC.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tigewcntulcloec.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TigEWcNTUlCLoEC.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tigewcntulcloec.wav.adv")) returned 1 [0035.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.372] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1221d7f0, ftCreationTime.dwHighDateTime=0x1d5b6a3, ftLastAccessTime.dwLowDateTime=0x3bb4b8b0, ftLastAccessTime.dwHighDateTime=0x1d5c21c, ftLastWriteTime.dwLowDateTime=0x3bb4b8b0, ftLastWriteTime.dwHighDateTime=0x1d5c21c, nFileSizeHigh=0x0, nFileSizeLow=0x14318, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="TPIjoXe8O0pbTlNtq.gif", cAlternateFileName="TPIJOX~1.GIF")) returned 1 [0035.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0918 [0035.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TPIjoXe8O0pbTlNtq.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tpijoxe8o0pbtlntq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.372] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14318, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x14318, lpOverlapped=0x0) returned 1 [0035.374] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.374] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14318, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x14318, lpOverlapped=0x0) returned 1 [0035.374] CloseHandle (hObject=0x3c) returned 1 [0035.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.374] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TPIjoXe8O0pbTlNtq.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tpijoxe8o0pbtlntq.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\TPIjoXe8O0pbTlNtq.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tpijoxe8o0pbtlntq.gif.adv")) returned 1 [0035.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.376] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa98268c0, ftCreationTime.dwHighDateTime=0x1d5bee2, ftLastAccessTime.dwLowDateTime=0x22d27ca0, ftLastAccessTime.dwHighDateTime=0x1d5bae3, ftLastWriteTime.dwLowDateTime=0x22d27ca0, ftLastWriteTime.dwHighDateTime=0x1d5bae3, nFileSizeHigh=0x0, nFileSizeLow=0x18130, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="UF05.avi", cAlternateFileName="")) returned 1 [0035.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\UF05.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uf05.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.376] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18130, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x18130, lpOverlapped=0x0) returned 1 [0035.377] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.377] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18130, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x18130, lpOverlapped=0x0) returned 1 [0035.378] CloseHandle (hObject=0x3c) returned 1 [0035.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f09b0 [0035.378] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\UF05.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uf05.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\UF05.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uf05.avi.adv")) returned 1 [0035.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.379] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd342e9a0, ftCreationTime.dwHighDateTime=0x1d5c4ff, ftLastAccessTime.dwLowDateTime=0x31422a30, ftLastAccessTime.dwHighDateTime=0x1d5bfa0, ftLastWriteTime.dwLowDateTime=0x31422a30, ftLastWriteTime.dwHighDateTime=0x1d5bfa0, nFileSizeHigh=0x0, nFileSizeLow=0x1167b, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="UyJEP36YNWF29FQQV.png", cAlternateFileName="UYJEP3~1.PNG")) returned 1 [0035.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0918 [0035.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\UyJEP36YNWF29FQQV.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uyjep36ynwf29fqqv.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.380] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1167b, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1167b, lpOverlapped=0x0) returned 1 [0035.381] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.381] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1167b, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1167b, lpOverlapped=0x0) returned 1 [0035.381] CloseHandle (hObject=0x3c) returned 1 [0035.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.381] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\UyJEP36YNWF29FQQV.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uyjep36ynwf29fqqv.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\UyJEP36YNWF29FQQV.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\uyjep36ynwf29fqqv.png.adv")) returned 1 [0035.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.382] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x987160, ftCreationTime.dwHighDateTime=0x1d5b743, ftLastAccessTime.dwLowDateTime=0x3ddf7710, ftLastAccessTime.dwHighDateTime=0x1d5c14f, ftLastWriteTime.dwLowDateTime=0x3ddf7710, ftLastWriteTime.dwHighDateTime=0x1d5c14f, nFileSizeHigh=0x0, nFileSizeLow=0xf853, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="wcGVevay6.ots", cAlternateFileName="WCGVEV~1.OTS")) returned 1 [0035.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wcGVevay6.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wcgvevay6.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.383] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf853, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xf853, lpOverlapped=0x0) returned 1 [0035.384] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.384] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf853, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xf853, lpOverlapped=0x0) returned 1 [0035.384] CloseHandle (hObject=0x3c) returned 1 [0035.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f09b0 [0035.384] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wcGVevay6.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wcgvevay6.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wcGVevay6.ots.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wcgvevay6.ots.adv")) returned 1 [0035.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.385] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e9a4e90, ftCreationTime.dwHighDateTime=0x1d5c141, ftLastAccessTime.dwLowDateTime=0x1f95c880, ftLastAccessTime.dwHighDateTime=0x1d5c0d3, ftLastWriteTime.dwLowDateTime=0x1f95c880, ftLastWriteTime.dwHighDateTime=0x1d5c0d3, nFileSizeHigh=0x0, nFileSizeLow=0x45b8, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="x_aSr4CAmZ9Lvst.gif", cAlternateFileName="X_ASR4~1.GIF")) returned 1 [0035.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0918 [0035.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x_aSr4CAmZ9Lvst.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\x_asr4camz9lvst.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.386] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x45b8, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x45b8, lpOverlapped=0x0) returned 1 [0035.387] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.387] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x45b8, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x45b8, lpOverlapped=0x0) returned 1 [0035.387] CloseHandle (hObject=0x3c) returned 1 [0035.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.387] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x_aSr4CAmZ9Lvst.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\x_asr4camz9lvst.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x_aSr4CAmZ9Lvst.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\x_asr4camz9lvst.gif.adv")) returned 1 [0035.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.388] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x78b3d70, ftCreationTime.dwHighDateTime=0x1d5b79a, ftLastAccessTime.dwLowDateTime=0xaa345490, ftLastAccessTime.dwHighDateTime=0x1d5b848, ftLastWriteTime.dwLowDateTime=0xaa345490, ftLastWriteTime.dwHighDateTime=0x1d5b848, nFileSizeHigh=0x0, nFileSizeLow=0x1606b, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="ZmzmaHWHHtQ.gif", cAlternateFileName="ZMZMAH~1.GIF")) returned 1 [0035.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ZmzmaHWHHtQ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zmzmahwhhtq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.389] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1606b, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1606b, lpOverlapped=0x0) returned 1 [0035.390] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.390] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1606b, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1606b, lpOverlapped=0x0) returned 1 [0035.390] CloseHandle (hObject=0x3c) returned 1 [0035.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0035.390] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ZmzmaHWHHtQ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zmzmahwhhtq.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ZmzmaHWHHtQ.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zmzmahwhhtq.gif.adv")) returned 1 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.394] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x78b3d70, ftCreationTime.dwHighDateTime=0x1d5b79a, ftLastAccessTime.dwLowDateTime=0xaa345490, ftLastAccessTime.dwHighDateTime=0x1d5b848, ftLastWriteTime.dwLowDateTime=0xaa345490, ftLastWriteTime.dwHighDateTime=0x1d5b848, nFileSizeHigh=0x0, nFileSizeLow=0x1606b, dwReserved0=0xa0000003, dwReserved1=0x28cff640, cFileName="ZmzmaHWHHtQ.gif", cAlternateFileName="ZMZMAH~1.GIF")) returned 0 [0035.394] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5788 | out: hHeap=0x6d0000) returned 1 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c0 | out: hHeap=0x6d0000) returned 1 [0035.394] FindNextFileW (in: hFindFile=0x6e1f60, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa0417290, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa0417290, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="Roaming", cAlternateFileName="")) returned 0 [0035.394] FindClose (in: hFindFile=0x6e1f60 | out: hFindFile=0x6e1f60) returned 1 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0035.394] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0035.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f60 [0035.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2010 [0035.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2078 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.394] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa0417290, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa0417290, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="Roaming", cAlternateFileName="")) returned 0xffffffff [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2078 | out: hHeap=0x6d0000) returned 1 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0035.394] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0035.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f60 [0035.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1fa8 [0035.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.395] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0035.395] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="..", cAlternateFileName="")) returned 1 [0035.395] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0035.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f08b0 [0035.395] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.395] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x49a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x49a, lpOverlapped=0x0) returned 1 [0035.397] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.397] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x49a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x49a, lpOverlapped=0x0) returned 1 [0035.397] CloseHandle (hObject=0x38) returned 1 [0035.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0938 [0035.397] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.adv")) returned 1 [0035.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0938 | out: hHeap=0x6d0000) returned 1 [0035.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.398] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0035.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f08b0 [0035.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.398] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10b1e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x10b1e, lpOverlapped=0x0) returned 1 [0035.401] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.401] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10b1e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x10b1e, lpOverlapped=0x0) returned 1 [0035.401] CloseHandle (hObject=0x38) returned 1 [0035.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0938 [0035.401] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.adv")) returned 1 [0035.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0938 | out: hHeap=0x6d0000) returned 1 [0035.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.402] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0035.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f08b0 [0035.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.403] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x493, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x493, lpOverlapped=0x0) returned 1 [0035.404] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.404] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x493, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x493, lpOverlapped=0x0) returned 1 [0035.404] CloseHandle (hObject=0x38) returned 1 [0035.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0938 [0035.404] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.adv")) returned 1 [0035.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0938 | out: hHeap=0x6d0000) returned 1 [0035.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.405] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0035.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f08b0 [0035.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.406] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x499, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x499, lpOverlapped=0x0) returned 1 [0035.407] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.407] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x499, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x499, lpOverlapped=0x0) returned 1 [0035.407] CloseHandle (hObject=0x38) returned 1 [0035.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0938 [0035.407] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.adv")) returned 1 [0035.408] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0938 | out: hHeap=0x6d0000) returned 1 [0035.408] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.408] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6f08b0 [0035.408] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.408] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x19c, lpOverlapped=0x0) returned 1 [0035.409] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.409] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x19c, lpOverlapped=0x0) returned 1 [0035.409] CloseHandle (hObject=0x38) returned 1 [0035.409] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f0930 [0035.409] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini.adv")) returned 1 [0035.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0930 | out: hHeap=0x6d0000) returned 1 [0035.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.410] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0035.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f08b0 [0035.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.410] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x496, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x496, lpOverlapped=0x0) returned 1 [0035.412] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.412] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x496, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x496, lpOverlapped=0x0) returned 1 [0035.412] CloseHandle (hObject=0x38) returned 1 [0035.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0938 [0035.412] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.adv")) returned 1 [0035.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0938 | out: hHeap=0x6d0000) returned 1 [0035.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.413] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0035.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f08b0 [0035.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.413] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x494, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x494, lpOverlapped=0x0) returned 1 [0035.415] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.415] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x494, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x494, lpOverlapped=0x0) returned 1 [0035.415] CloseHandle (hObject=0x38) returned 1 [0035.415] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0938 [0035.415] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.adv")) returned 1 [0035.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0938 | out: hHeap=0x6d0000) returned 1 [0035.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.416] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0035.416] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0035.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0035.416] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0035.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f60 [0035.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1fa8 [0035.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.416] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="sikvnb huvuib.contact", cAlternateFileName="")) returned 0xffffffff [0035.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0035.416] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xacbb7260, ftLastAccessTime.dwHighDateTime=0x1d5d8ba, ftLastWriteTime.dwLowDateTime=0xacbb7260, ftLastWriteTime.dwHighDateTime=0x1d5d8ba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0035.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f60 [0035.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1fa8 [0035.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2010 [0035.416] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xacbb7260, ftLastAccessTime.dwHighDateTime=0x1d5d8ba, ftLastWriteTime.dwLowDateTime=0xacbb7260, ftLastWriteTime.dwHighDateTime=0x1d5d8ba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0035.416] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xacbb7260, ftLastAccessTime.dwHighDateTime=0x1d5d8ba, ftLastWriteTime.dwLowDateTime=0xacbb7260, ftLastWriteTime.dwHighDateTime=0x1d5d8ba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="..", cAlternateFileName="")) returned 1 [0035.416] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44aed360, ftCreationTime.dwHighDateTime=0x1d5bdc6, ftLastAccessTime.dwLowDateTime=0x4a704120, ftLastAccessTime.dwHighDateTime=0x1d5bf2a, ftLastWriteTime.dwLowDateTime=0x4a704120, ftLastWriteTime.dwHighDateTime=0x1d5bf2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="-G5R", cAlternateFileName="")) returned 1 [0035.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2068 [0035.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e20c0 [0035.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.416] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.417] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44aed360, ftCreationTime.dwHighDateTime=0x1d5bdc6, ftLastAccessTime.dwLowDateTime=0x4a704120, ftLastAccessTime.dwHighDateTime=0x1d5bf2a, ftLastWriteTime.dwLowDateTime=0x4a704120, ftLastWriteTime.dwHighDateTime=0x1d5bf2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.417] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44aed360, ftCreationTime.dwHighDateTime=0x1d5bdc6, ftLastAccessTime.dwLowDateTime=0x4a704120, ftLastAccessTime.dwHighDateTime=0x1d5bf2a, ftLastWriteTime.dwLowDateTime=0x4a704120, ftLastWriteTime.dwHighDateTime=0x1d5bf2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="..", cAlternateFileName="")) returned 1 [0035.417] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbea7450, ftCreationTime.dwHighDateTime=0x1d5beaa, ftLastAccessTime.dwLowDateTime=0x9cd81f40, ftLastAccessTime.dwHighDateTime=0x1d5c133, ftLastWriteTime.dwLowDateTime=0x9cd81f40, ftLastWriteTime.dwHighDateTime=0x1d5c133, nFileSizeHigh=0x0, nFileSizeLow=0x15e90, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="2eRbm.mp4", cAlternateFileName="")) returned 1 [0035.417] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f0918 [0035.417] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0980 [0035.417] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\2eRbm.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\2erbm.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.417] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15e90, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x15e90, lpOverlapped=0x0) returned 1 [0035.418] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.418] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15e90, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x15e90, lpOverlapped=0x0) returned 1 [0035.419] CloseHandle (hObject=0x3c) returned 1 [0035.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0a18 [0035.419] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\2eRbm.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\2erbm.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\2eRbm.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\2erbm.mp4.adv")) returned 1 [0035.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a18 | out: hHeap=0x6d0000) returned 1 [0035.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0980 | out: hHeap=0x6d0000) returned 1 [0035.419] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc94da150, ftCreationTime.dwHighDateTime=0x1d5c19a, ftLastAccessTime.dwLowDateTime=0xd54af4e0, ftLastAccessTime.dwHighDateTime=0x1d5c1ad, ftLastWriteTime.dwLowDateTime=0xd54af4e0, ftLastWriteTime.dwHighDateTime=0x1d5c1ad, nFileSizeHigh=0x0, nFileSizeLow=0x16a74, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="BtYGwiybS7_.mp4", cAlternateFileName="BTYGWI~1.MP4")) returned 1 [0035.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f0918 [0035.419] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0980 [0035.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\BtYGwiybS7_.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\btygwiybs7_.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.420] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16a74, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x16a74, lpOverlapped=0x0) returned 1 [0035.421] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.421] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16a74, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x16a74, lpOverlapped=0x0) returned 1 [0035.421] CloseHandle (hObject=0x3c) returned 1 [0035.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0a18 [0035.422] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\BtYGwiybS7_.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\btygwiybs7_.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\BtYGwiybS7_.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\btygwiybs7_.mp4.adv")) returned 1 [0035.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a18 | out: hHeap=0x6d0000) returned 1 [0035.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0980 | out: hHeap=0x6d0000) returned 1 [0035.422] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54070540, ftCreationTime.dwHighDateTime=0x1d5c20c, ftLastAccessTime.dwLowDateTime=0xb83bef40, ftLastAccessTime.dwHighDateTime=0x1d5bb49, ftLastWriteTime.dwLowDateTime=0xb83bef40, ftLastWriteTime.dwHighDateTime=0x1d5bb49, nFileSizeHigh=0x0, nFileSizeLow=0x10d39, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="Q49Y-3.mp4", cAlternateFileName="")) returned 1 [0035.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f0918 [0035.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0980 [0035.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\Q49Y-3.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\q49y-3.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.423] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10d39, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x10d39, lpOverlapped=0x0) returned 1 [0035.424] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.424] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10d39, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x10d39, lpOverlapped=0x0) returned 1 [0035.424] CloseHandle (hObject=0x3c) returned 1 [0035.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6f0a18 [0035.424] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\Q49Y-3.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\q49y-3.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\Q49Y-3.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\q49y-3.mp4.adv")) returned 1 [0035.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a18 | out: hHeap=0x6d0000) returned 1 [0035.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0980 | out: hHeap=0x6d0000) returned 1 [0035.425] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c81a030, ftCreationTime.dwHighDateTime=0x1d5c5b3, ftLastAccessTime.dwLowDateTime=0x22d27f50, ftLastAccessTime.dwHighDateTime=0x1d5c107, ftLastWriteTime.dwLowDateTime=0x22d27f50, ftLastWriteTime.dwHighDateTime=0x1d5c107, nFileSizeHigh=0x0, nFileSizeLow=0x7769, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="x92qTh0PgGe0407nfaos.m4a", cAlternateFileName="X92QTH~1.M4A")) returned 1 [0035.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f0918 [0035.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0980 [0035.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\x92qTh0PgGe0407nfaos.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\x92qth0pgge0407nfaos.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.425] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7769, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x7769, lpOverlapped=0x0) returned 1 [0035.426] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.426] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7769, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x7769, lpOverlapped=0x0) returned 1 [0035.426] CloseHandle (hObject=0x3c) returned 1 [0035.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a18 [0035.426] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\x92qTh0PgGe0407nfaos.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\x92qth0pgge0407nfaos.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\x92qTh0PgGe0407nfaos.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\x92qth0pgge0407nfaos.m4a.adv")) returned 1 [0035.427] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a18 | out: hHeap=0x6d0000) returned 1 [0035.427] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0980 | out: hHeap=0x6d0000) returned 1 [0035.427] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x681ac580, ftCreationTime.dwHighDateTime=0x1d5b60e, ftLastAccessTime.dwLowDateTime=0x588aae20, ftLastAccessTime.dwHighDateTime=0x1d5b783, ftLastWriteTime.dwLowDateTime=0x588aae20, ftLastWriteTime.dwHighDateTime=0x1d5b783, nFileSizeHigh=0x0, nFileSizeLow=0x7e7, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="YjGqIavz7bUUVQoSaGN.wav", cAlternateFileName="YJGQIA~1.WAV")) returned 1 [0035.427] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f0918 [0035.427] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0980 [0035.427] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\YjGqIavz7bUUVQoSaGN.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\yjgqiavz7buuvqosagn.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.427] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7e7, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x7e7, lpOverlapped=0x0) returned 1 [0035.428] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.428] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7e7, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x7e7, lpOverlapped=0x0) returned 1 [0035.428] CloseHandle (hObject=0x3c) returned 1 [0035.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a18 [0035.428] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\YjGqIavz7bUUVQoSaGN.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\yjgqiavz7buuvqosagn.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-G5R\\YjGqIavz7bUUVQoSaGN.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-g5r\\yjgqiavz7buuvqosagn.wav.adv")) returned 1 [0035.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a18 | out: hHeap=0x6d0000) returned 1 [0035.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0980 | out: hHeap=0x6d0000) returned 1 [0035.429] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x681ac580, ftCreationTime.dwHighDateTime=0x1d5b60e, ftLastAccessTime.dwLowDateTime=0x588aae20, ftLastAccessTime.dwHighDateTime=0x1d5b783, ftLastWriteTime.dwLowDateTime=0x588aae20, ftLastWriteTime.dwHighDateTime=0x1d5b783, nFileSizeHigh=0x0, nFileSizeLow=0x7e7, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="YjGqIavz7bUUVQoSaGN.wav", cAlternateFileName="YJGQIA~1.WAV")) returned 0 [0035.429] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c0 | out: hHeap=0x6d0000) returned 1 [0035.429] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9c515790, ftCreationTime.dwHighDateTime=0x1d5be08, ftLastAccessTime.dwLowDateTime=0xe39e5dd0, ftLastAccessTime.dwHighDateTime=0x1d5b8f6, ftLastWriteTime.dwLowDateTime=0xe39e5dd0, ftLastWriteTime.dwHighDateTime=0x1d5b8f6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="0r2DOGOmozF-E1KU", cAlternateFileName="0R2DOG~1")) returned 1 [0035.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2068 [0035.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e20c0 [0035.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f08b0 [0035.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0928 [0035.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.429] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0r2DOGOmozF-E1KU\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9c515790, ftCreationTime.dwHighDateTime=0x1d5be08, ftLastAccessTime.dwLowDateTime=0xe39e5dd0, ftLastAccessTime.dwHighDateTime=0x1d5b8f6, ftLastWriteTime.dwLowDateTime=0xe39e5dd0, ftLastWriteTime.dwHighDateTime=0x1d5b8f6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.430] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9c515790, ftCreationTime.dwHighDateTime=0x1d5be08, ftLastAccessTime.dwLowDateTime=0xe39e5dd0, ftLastAccessTime.dwHighDateTime=0x1d5b8f6, ftLastWriteTime.dwLowDateTime=0xe39e5dd0, ftLastWriteTime.dwHighDateTime=0x1d5b8f6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="..", cAlternateFileName="")) returned 1 [0035.430] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e85eaf0, ftCreationTime.dwHighDateTime=0x1d5b6b4, ftLastAccessTime.dwLowDateTime=0x904f3880, ftLastAccessTime.dwHighDateTime=0x1d5c318, ftLastWriteTime.dwLowDateTime=0x904f3880, ftLastWriteTime.dwHighDateTime=0x1d5c318, nFileSizeHigh=0x0, nFileSizeLow=0x869f, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="2muI3d-a1wPUvZlrNnh.swf", cAlternateFileName="2MUI3D~1.SWF")) returned 1 [0035.430] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f08b0 [0035.430] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f09d8 [0035.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0r2DOGOmozF-E1KU\\2muI3d-a1wPUvZlrNnh.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0r2dogomozf-e1ku\\2mui3d-a1wpuvzlrnnh.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.430] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x869f, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x869f, lpOverlapped=0x0) returned 1 [0035.434] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.434] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x869f, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x869f, lpOverlapped=0x0) returned 1 [0035.434] CloseHandle (hObject=0x3c) returned 1 [0035.434] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a88 [0035.434] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0r2DOGOmozF-E1KU\\2muI3d-a1wPUvZlrNnh.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0r2dogomozf-e1ku\\2mui3d-a1wpuvzlrnnh.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0r2DOGOmozF-E1KU\\2muI3d-a1wPUvZlrNnh.swf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0r2dogomozf-e1ku\\2mui3d-a1wpuvzlrnnh.swf.adv")) returned 1 [0035.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a88 | out: hHeap=0x6d0000) returned 1 [0035.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09d8 | out: hHeap=0x6d0000) returned 1 [0035.435] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e85eaf0, ftCreationTime.dwHighDateTime=0x1d5b6b4, ftLastAccessTime.dwLowDateTime=0x904f3880, ftLastAccessTime.dwHighDateTime=0x1d5c318, ftLastWriteTime.dwLowDateTime=0x904f3880, ftLastWriteTime.dwHighDateTime=0x1d5c318, nFileSizeHigh=0x0, nFileSizeLow=0x869f, dwReserved0=0x1d2dd9c, dwReserved1=0xacbb7260, cFileName="2muI3d-a1wPUvZlrNnh.swf", cAlternateFileName="2MUI3D~1.SWF")) returned 0 [0035.435] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0928 | out: hHeap=0x6d0000) returned 1 [0035.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c0 | out: hHeap=0x6d0000) returned 1 [0035.435] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dd90d90, ftCreationTime.dwHighDateTime=0x1d5bdaf, ftLastAccessTime.dwLowDateTime=0x709b7890, ftLastAccessTime.dwHighDateTime=0x1d5be3c, ftLastWriteTime.dwLowDateTime=0x709b7890, ftLastWriteTime.dwHighDateTime=0x1d5be3c, nFileSizeHigh=0x0, nFileSizeLow=0x20ab, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="3ajiU_hNiwMSUQx0kCq.jpg", cAlternateFileName="3AJIU_~1.JPG")) returned 1 [0035.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2068 [0035.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e20c0 [0035.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3ajiU_hNiwMSUQx0kCq.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3ajiu_hniwmsuqx0kcq.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.436] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20ab, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x20ab, lpOverlapped=0x0) returned 1 [0035.436] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.437] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20ab, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x20ab, lpOverlapped=0x0) returned 1 [0035.437] CloseHandle (hObject=0x38) returned 1 [0035.437] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.437] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3ajiU_hNiwMSUQx0kCq.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3ajiu_hniwmsuqx0kcq.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3ajiU_hNiwMSUQx0kCq.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3ajiu_hniwmsuqx0kcq.jpg.adv")) returned 1 [0035.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c0 | out: hHeap=0x6d0000) returned 1 [0035.438] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ec8e30, ftCreationTime.dwHighDateTime=0x1d5b605, ftLastAccessTime.dwLowDateTime=0x6655d5f0, ftLastAccessTime.dwHighDateTime=0x1d5b76c, ftLastWriteTime.dwLowDateTime=0x6655d5f0, ftLastWriteTime.dwHighDateTime=0x1d5b76c, nFileSizeHigh=0x0, nFileSizeLow=0x165f2, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="9E2VCS Gmj.swf", cAlternateFileName="9E2VCS~1.SWF")) returned 1 [0035.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2068 [0035.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e20c0 [0035.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9E2VCS Gmj.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9e2vcs gmj.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.438] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x165f2, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x165f2, lpOverlapped=0x0) returned 1 [0035.440] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.440] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x165f2, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x165f2, lpOverlapped=0x0) returned 1 [0035.440] CloseHandle (hObject=0x38) returned 1 [0035.440] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.440] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9E2VCS Gmj.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9e2vcs gmj.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9E2VCS Gmj.swf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9e2vcs gmj.swf.adv")) returned 1 [0035.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c0 | out: hHeap=0x6d0000) returned 1 [0035.441] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae33e9d0, ftCreationTime.dwHighDateTime=0x1d5b806, ftLastAccessTime.dwLowDateTime=0xb0dcf180, ftLastAccessTime.dwHighDateTime=0x1d5c482, ftLastWriteTime.dwLowDateTime=0xb0dcf180, ftLastWriteTime.dwHighDateTime=0x1d5c482, nFileSizeHigh=0x0, nFileSizeLow=0xf6a2, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="bf09y9euTXNuFxBCG.bmp", cAlternateFileName="BF09Y9~1.BMP")) returned 1 [0035.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bf09y9euTXNuFxBCG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bf09y9eutxnufxbcg.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.441] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf6a2, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xf6a2, lpOverlapped=0x0) returned 1 [0035.442] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.443] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf6a2, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xf6a2, lpOverlapped=0x0) returned 1 [0035.443] CloseHandle (hObject=0x38) returned 1 [0035.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.443] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bf09y9euTXNuFxBCG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bf09y9eutxnufxbcg.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bf09y9euTXNuFxBCG.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bf09y9eutxnufxbcg.bmp.adv")) returned 1 [0035.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.444] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.444] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0035.445] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.445] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0035.445] CloseHandle (hObject=0x38) returned 1 [0035.445] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.445] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini.adv")) returned 1 [0035.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.447] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9c786f0, ftCreationTime.dwHighDateTime=0x1d5b949, ftLastAccessTime.dwLowDateTime=0xe62eeef0, ftLastAccessTime.dwHighDateTime=0x1d5bbc3, ftLastWriteTime.dwLowDateTime=0xe62eeef0, ftLastWriteTime.dwHighDateTime=0x1d5bbc3, nFileSizeHigh=0x0, nFileSizeLow=0x2735, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="duder3TLri0JoHeS4GU.odt", cAlternateFileName="DUDER3~1.ODT")) returned 1 [0035.447] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.447] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.447] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\duder3TLri0JoHeS4GU.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\duder3tlri0johes4gu.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.447] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2735, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x2735, lpOverlapped=0x0) returned 1 [0035.448] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.448] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2735, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x2735, lpOverlapped=0x0) returned 1 [0035.448] CloseHandle (hObject=0x38) returned 1 [0035.448] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2068 [0035.448] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\duder3TLri0JoHeS4GU.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\duder3tlri0johes4gu.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\duder3TLri0JoHeS4GU.odt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\duder3tlri0johes4gu.odt.adv")) returned 1 [0035.449] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.449] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.449] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc09df20, ftCreationTime.dwHighDateTime=0x1d5c406, ftLastAccessTime.dwLowDateTime=0x8df50b0, ftLastAccessTime.dwHighDateTime=0x1d5c50c, ftLastWriteTime.dwLowDateTime=0x8df50b0, ftLastWriteTime.dwHighDateTime=0x1d5c50c, nFileSizeHigh=0x0, nFileSizeLow=0x2f8c, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="F1X Y.odt", cAlternateFileName="F1XY~1.ODT")) returned 1 [0035.449] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.449] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.449] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F1X Y.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f1x y.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.449] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2f8c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x2f8c, lpOverlapped=0x0) returned 1 [0035.450] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.450] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2f8c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x2f8c, lpOverlapped=0x0) returned 1 [0035.450] CloseHandle (hObject=0x38) returned 1 [0035.450] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.451] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F1X Y.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f1x y.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F1X Y.odt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f1x y.odt.adv")) returned 1 [0035.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.452] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4575080, ftCreationTime.dwHighDateTime=0x1d5d8ba, ftLastAccessTime.dwLowDateTime=0xa4575080, ftLastAccessTime.dwHighDateTime=0x1d5d8ba, ftLastWriteTime.dwLowDateTime=0xa15c6000, ftLastWriteTime.dwHighDateTime=0x1d5d8ba, nFileSizeHigh=0x0, nFileSizeLow=0x15400, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="FCT.exe", cAlternateFileName="")) returned 1 [0035.452] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.452] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FCT.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fct.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0035.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.452] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b1bb5c0, ftCreationTime.dwHighDateTime=0x1d5c231, ftLastAccessTime.dwLowDateTime=0x34448f60, ftLastAccessTime.dwHighDateTime=0x1d5baab, ftLastWriteTime.dwLowDateTime=0x34448f60, ftLastWriteTime.dwHighDateTime=0x1d5baab, nFileSizeHigh=0x0, nFileSizeLow=0x11fcf, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="gjcJix-YZPBPm p.mp3", cAlternateFileName="GJCJIX~1.MP3")) returned 1 [0035.452] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.452] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.452] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjcJix-YZPBPm p.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjcjix-yzpbpm p.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.452] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11fcf, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x11fcf, lpOverlapped=0x0) returned 1 [0035.453] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.453] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11fcf, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x11fcf, lpOverlapped=0x0) returned 1 [0035.454] CloseHandle (hObject=0x38) returned 1 [0035.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.454] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjcJix-YZPBPm p.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjcjix-yzpbpm p.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjcJix-YZPBPm p.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjcjix-yzpbpm p.mp3.adv")) returned 1 [0035.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.455] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf29fee30, ftCreationTime.dwHighDateTime=0x1d5c1b0, ftLastAccessTime.dwLowDateTime=0x6f1d78d0, ftLastAccessTime.dwHighDateTime=0x1d5bb83, ftLastWriteTime.dwLowDateTime=0x6f1d78d0, ftLastWriteTime.dwHighDateTime=0x1d5bb83, nFileSizeHigh=0x0, nFileSizeLow=0xb928, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="HNXTN_XfAcsUija.docx", cAlternateFileName="HNXTN_~1.DOC")) returned 1 [0035.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HNXTN_XfAcsUija.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hnxtn_xfacsuija.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.455] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb928, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xb928, lpOverlapped=0x0) returned 1 [0035.456] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.456] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb928, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xb928, lpOverlapped=0x0) returned 1 [0035.457] CloseHandle (hObject=0x38) returned 1 [0035.457] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HNXTN_XfAcsUija.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hnxtn_xfacsuija.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HNXTN_XfAcsUija.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hnxtn_xfacsuija.docx.adv")) returned 1 [0035.458] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.458] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.458] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93cc1f00, ftCreationTime.dwHighDateTime=0x1d5b58a, ftLastAccessTime.dwLowDateTime=0xb4f51910, ftLastAccessTime.dwHighDateTime=0x1d5b761, ftLastWriteTime.dwLowDateTime=0xb4f51910, ftLastWriteTime.dwHighDateTime=0x1d5b761, nFileSizeHigh=0x0, nFileSizeLow=0x148b7, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="iqiygjUc4w-KRoOYm_.mp4", cAlternateFileName="IQIYGJ~1.MP4")) returned 1 [0035.458] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.458] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.458] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iqiygjUc4w-KRoOYm_.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iqiygjuc4w-krooym_.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.458] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x148b7, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x148b7, lpOverlapped=0x0) returned 1 [0035.459] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.459] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x148b7, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x148b7, lpOverlapped=0x0) returned 1 [0035.460] CloseHandle (hObject=0x38) returned 1 [0035.460] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2068 [0035.460] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iqiygjUc4w-KRoOYm_.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iqiygjuc4w-krooym_.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iqiygjUc4w-KRoOYm_.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iqiygjuc4w-krooym_.mp4.adv")) returned 1 [0035.461] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.461] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.461] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e395010, ftCreationTime.dwHighDateTime=0x1d5b64f, ftLastAccessTime.dwLowDateTime=0x7e9cfb40, ftLastAccessTime.dwHighDateTime=0x1d5b625, ftLastWriteTime.dwLowDateTime=0x7e9cfb40, ftLastWriteTime.dwHighDateTime=0x1d5b625, nFileSizeHigh=0x0, nFileSizeLow=0x16179, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="j_MolIFhIt.rtf", cAlternateFileName="J_MOLI~1.RTF")) returned 1 [0035.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.461] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.461] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j_MolIFhIt.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j_molifhit.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.462] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16179, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x16179, lpOverlapped=0x0) returned 1 [0035.463] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.463] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16179, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x16179, lpOverlapped=0x0) returned 1 [0035.463] CloseHandle (hObject=0x38) returned 1 [0035.463] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.463] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j_MolIFhIt.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j_molifhit.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j_MolIFhIt.rtf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j_molifhit.rtf.adv")) returned 1 [0035.464] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.464] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.464] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b68a360, ftCreationTime.dwHighDateTime=0x1d5c0dc, ftLastAccessTime.dwLowDateTime=0xfdc119d0, ftLastAccessTime.dwHighDateTime=0x1d5be66, ftLastWriteTime.dwLowDateTime=0xfdc119d0, ftLastWriteTime.dwHighDateTime=0x1d5be66, nFileSizeHigh=0x0, nFileSizeLow=0x1616f, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="ljkx-q2zNo9LHnf4f.flv", cAlternateFileName="LJKX-Q~1.FLV")) returned 1 [0035.465] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.465] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.465] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ljkx-q2zNo9LHnf4f.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ljkx-q2zno9lhnf4f.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.466] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1616f, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1616f, lpOverlapped=0x0) returned 1 [0035.467] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.467] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1616f, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1616f, lpOverlapped=0x0) returned 1 [0035.468] CloseHandle (hObject=0x38) returned 1 [0035.468] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.468] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ljkx-q2zNo9LHnf4f.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ljkx-q2zno9lhnf4f.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ljkx-q2zNo9LHnf4f.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ljkx-q2zno9lhnf4f.flv.adv")) returned 1 [0035.469] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.469] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.469] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ad85460, ftCreationTime.dwHighDateTime=0x1d5bd11, ftLastAccessTime.dwLowDateTime=0xb8e81d90, ftLastAccessTime.dwHighDateTime=0x1d5ba74, ftLastWriteTime.dwLowDateTime=0xb8e81d90, ftLastWriteTime.dwHighDateTime=0x1d5ba74, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="LrVcZFdlS2CBQvbuJ4TT", cAlternateFileName="LRVCZF~1")) returned 1 [0035.469] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.469] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.469] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.469] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.469] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ad85460, ftCreationTime.dwHighDateTime=0x1d5bd11, ftLastAccessTime.dwLowDateTime=0xb8e81d90, ftLastAccessTime.dwHighDateTime=0x1d5ba74, ftLastWriteTime.dwLowDateTime=0xb8e81d90, ftLastWriteTime.dwHighDateTime=0x1d5ba74, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x8, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.469] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ad85460, ftCreationTime.dwHighDateTime=0x1d5bd11, ftLastAccessTime.dwLowDateTime=0xb8e81d90, ftLastAccessTime.dwHighDateTime=0x1d5ba74, ftLastWriteTime.dwLowDateTime=0xb8e81d90, ftLastWriteTime.dwHighDateTime=0x1d5ba74, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x8, cFileName="..", cAlternateFileName="")) returned 1 [0035.469] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed45ed60, ftCreationTime.dwHighDateTime=0x1d5c113, ftLastAccessTime.dwLowDateTime=0x9c686a60, ftLastAccessTime.dwHighDateTime=0x1d5c06b, ftLastWriteTime.dwLowDateTime=0x9c686a60, ftLastWriteTime.dwHighDateTime=0x1d5c06b, nFileSizeHigh=0x0, nFileSizeLow=0x13fea, dwReserved0=0x0, dwReserved1=0x8, cFileName="JyhC4 3213DB_N4d.wav", cAlternateFileName="JYHC43~1.WAV")) returned 1 [0035.469] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0035.469] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2068 [0035.469] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0035.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\JyhC4 3213DB_N4d.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lrvczfdls2cbqvbuj4tt\\jyhc4 3213db_n4d.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.470] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13fea, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x13fea, lpOverlapped=0x0) returned 1 [0035.471] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.471] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13fea, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x13fea, lpOverlapped=0x0) returned 1 [0035.471] CloseHandle (hObject=0x3c) returned 1 [0035.471] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.471] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\JyhC4 3213DB_N4d.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lrvczfdls2cbqvbuj4tt\\jyhc4 3213db_n4d.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\JyhC4 3213DB_N4d.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lrvczfdls2cbqvbuj4tt\\jyhc4 3213db_n4d.wav.adv")) returned 1 [0035.472] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.472] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.472] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23d53160, ftCreationTime.dwHighDateTime=0x1d5b787, ftLastAccessTime.dwLowDateTime=0xa0b9fd80, ftLastAccessTime.dwHighDateTime=0x1d5c319, ftLastWriteTime.dwLowDateTime=0xa0b9fd80, ftLastWriteTime.dwHighDateTime=0x1d5c319, nFileSizeHigh=0x0, nFileSizeLow=0x14ac6, dwReserved0=0x0, dwReserved1=0x8, cFileName="xbBajQpTFlbiKeH-9R3h.mp4", cAlternateFileName="XBBAJQ~1.MP4")) returned 1 [0035.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0035.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2068 [0035.472] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0035.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\xbBajQpTFlbiKeH-9R3h.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lrvczfdls2cbqvbuj4tt\\xbbajqptflbikeh-9r3h.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.473] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14ac6, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x14ac6, lpOverlapped=0x0) returned 1 [0035.474] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.474] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14ac6, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x14ac6, lpOverlapped=0x0) returned 1 [0035.474] CloseHandle (hObject=0x3c) returned 1 [0035.474] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.474] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\xbBajQpTFlbiKeH-9R3h.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lrvczfdls2cbqvbuj4tt\\xbbajqptflbikeh-9r3h.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\xbBajQpTFlbiKeH-9R3h.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lrvczfdls2cbqvbuj4tt\\xbbajqptflbikeh-9r3h.mp4.adv")) returned 1 [0035.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.475] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb08a46a0, ftCreationTime.dwHighDateTime=0x1d5b7ea, ftLastAccessTime.dwLowDateTime=0xe87aa590, ftLastAccessTime.dwHighDateTime=0x1d5b692, ftLastWriteTime.dwLowDateTime=0xe87aa590, ftLastWriteTime.dwHighDateTime=0x1d5b692, nFileSizeHigh=0x0, nFileSizeLow=0x992, dwReserved0=0x0, dwReserved1=0x8, cFileName="xUKjw9PzIZmSx.bmp", cAlternateFileName="XUKJW9~1.BMP")) returned 1 [0035.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0035.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2068 [0035.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0035.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\xUKjw9PzIZmSx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lrvczfdls2cbqvbuj4tt\\xukjw9pzizmsx.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.476] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x992, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x992, lpOverlapped=0x0) returned 1 [0035.477] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.477] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x992, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x992, lpOverlapped=0x0) returned 1 [0035.477] CloseHandle (hObject=0x3c) returned 1 [0035.477] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.477] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\xUKjw9PzIZmSx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lrvczfdls2cbqvbuj4tt\\xukjw9pzizmsx.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LrVcZFdlS2CBQvbuJ4TT\\xUKjw9PzIZmSx.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lrvczfdls2cbqvbuj4tt\\xukjw9pzizmsx.bmp.adv")) returned 1 [0035.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.478] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb08a46a0, ftCreationTime.dwHighDateTime=0x1d5b7ea, ftLastAccessTime.dwLowDateTime=0xe87aa590, ftLastAccessTime.dwHighDateTime=0x1d5b692, ftLastWriteTime.dwLowDateTime=0xe87aa590, ftLastWriteTime.dwHighDateTime=0x1d5b692, nFileSizeHigh=0x0, nFileSizeLow=0x992, dwReserved0=0x0, dwReserved1=0x8, cFileName="xUKjw9PzIZmSx.bmp", cAlternateFileName="XUKJW9~1.BMP")) returned 0 [0035.478] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.478] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9596ae0, ftCreationTime.dwHighDateTime=0x1d5bac6, ftLastAccessTime.dwLowDateTime=0x2249e130, ftLastAccessTime.dwHighDateTime=0x1d5bc8f, ftLastWriteTime.dwLowDateTime=0x2249e130, ftLastWriteTime.dwHighDateTime=0x1d5bc8f, nFileSizeHigh=0x0, nFileSizeLow=0xa88e, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="LSqzELB3Et.pdf", cAlternateFileName="LSQZEL~1.PDF")) returned 1 [0035.478] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.478] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.478] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LSqzELB3Et.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lsqzelb3et.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.478] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa88e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xa88e, lpOverlapped=0x0) returned 1 [0035.480] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.480] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa88e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xa88e, lpOverlapped=0x0) returned 1 [0035.480] CloseHandle (hObject=0x38) returned 1 [0035.481] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.481] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LSqzELB3Et.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lsqzelb3et.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LSqzELB3Et.pdf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lsqzelb3et.pdf.adv")) returned 1 [0035.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.482] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ebf48a0, ftCreationTime.dwHighDateTime=0x1d5b9fc, ftLastAccessTime.dwLowDateTime=0xe0f6aa80, ftLastAccessTime.dwHighDateTime=0x1d5bb74, ftLastWriteTime.dwLowDateTime=0xe0f6aa80, ftLastWriteTime.dwHighDateTime=0x1d5bb74, nFileSizeHigh=0x0, nFileSizeLow=0x436b, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="oC4tqwxJSv.jpg", cAlternateFileName="OC4TQW~1.JPG")) returned 1 [0035.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.482] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.482] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oC4tqwxJSv.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oc4tqwxjsv.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.482] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x436b, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x436b, lpOverlapped=0x0) returned 1 [0035.483] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.483] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x436b, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x436b, lpOverlapped=0x0) returned 1 [0035.483] CloseHandle (hObject=0x38) returned 1 [0035.483] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.483] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oC4tqwxJSv.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oc4tqwxjsv.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oC4tqwxJSv.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oc4tqwxjsv.jpg.adv")) returned 1 [0035.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.484] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb26adcc0, ftCreationTime.dwHighDateTime=0x1d5c1ca, ftLastAccessTime.dwLowDateTime=0x7f7df8e0, ftLastAccessTime.dwHighDateTime=0x1d5c2bc, ftLastWriteTime.dwLowDateTime=0x7f7df8e0, ftLastWriteTime.dwHighDateTime=0x1d5c2bc, nFileSizeHigh=0x0, nFileSizeLow=0x18526, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="OHFl_nHnbd.png", cAlternateFileName="OHFL_N~1.PNG")) returned 1 [0035.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.484] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.484] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OHFl_nHnbd.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ohfl_nhnbd.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.485] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18526, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x18526, lpOverlapped=0x0) returned 1 [0035.486] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.486] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18526, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x18526, lpOverlapped=0x0) returned 1 [0035.486] CloseHandle (hObject=0x38) returned 1 [0035.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.486] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OHFl_nHnbd.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ohfl_nhnbd.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OHFl_nHnbd.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ohfl_nhnbd.png.adv")) returned 1 [0035.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.487] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bd1ec90, ftCreationTime.dwHighDateTime=0x1d5c4d3, ftLastAccessTime.dwLowDateTime=0xa050a6d0, ftLastAccessTime.dwHighDateTime=0x1d5b975, ftLastWriteTime.dwLowDateTime=0xa050a6d0, ftLastWriteTime.dwHighDateTime=0x1d5b975, nFileSizeHigh=0x0, nFileSizeLow=0x6b9d, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="OXZq_nBqK2eSxtQGMWc.m4a", cAlternateFileName="OXZQ_N~1.M4A")) returned 1 [0035.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.488] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.488] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OXZq_nBqK2eSxtQGMWc.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oxzq_nbqk2esxtqgmwc.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.488] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6b9d, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x6b9d, lpOverlapped=0x0) returned 1 [0035.489] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.489] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6b9d, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x6b9d, lpOverlapped=0x0) returned 1 [0035.489] CloseHandle (hObject=0x38) returned 1 [0035.489] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2068 [0035.489] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OXZq_nBqK2eSxtQGMWc.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oxzq_nbqk2esxtqgmwc.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OXZq_nBqK2eSxtQGMWc.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oxzq_nbqk2esxtqgmwc.m4a.adv")) returned 1 [0035.490] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.490] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.490] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x392c42a0, ftCreationTime.dwHighDateTime=0x1d5c499, ftLastAccessTime.dwLowDateTime=0xe200a3b0, ftLastAccessTime.dwHighDateTime=0x1d5bf96, ftLastWriteTime.dwLowDateTime=0xe200a3b0, ftLastWriteTime.dwHighDateTime=0x1d5bf96, nFileSizeHigh=0x0, nFileSizeLow=0x9034, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="uHLuRDQPpopt.swf", cAlternateFileName="UHLURD~1.SWF")) returned 1 [0035.490] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.490] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.490] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uHLuRDQPpopt.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uhlurdqppopt.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.490] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9034, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x9034, lpOverlapped=0x0) returned 1 [0035.491] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.491] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9034, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x9034, lpOverlapped=0x0) returned 1 [0035.492] CloseHandle (hObject=0x38) returned 1 [0035.492] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.492] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uHLuRDQPpopt.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uhlurdqppopt.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uHLuRDQPpopt.swf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uhlurdqppopt.swf.adv")) returned 1 [0035.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.493] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ba45db0, ftCreationTime.dwHighDateTime=0x1d5be9c, ftLastAccessTime.dwLowDateTime=0x8b6dc210, ftLastAccessTime.dwHighDateTime=0x1d5c4f7, ftLastWriteTime.dwLowDateTime=0x8b6dc210, ftLastWriteTime.dwHighDateTime=0x1d5c4f7, nFileSizeHigh=0x0, nFileSizeLow=0x3120, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="X fNbMzt_tkFi.xlsx", cAlternateFileName="XFNBMZ~1.XLS")) returned 1 [0035.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.493] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X fNbMzt_tkFi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x fnbmzt_tkfi.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.493] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3120, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x3120, lpOverlapped=0x0) returned 1 [0035.494] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.494] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3120, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x3120, lpOverlapped=0x0) returned 1 [0035.494] CloseHandle (hObject=0x38) returned 1 [0035.494] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.495] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X fNbMzt_tkFi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x fnbmzt_tkfi.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X fNbMzt_tkFi.xlsx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x fnbmzt_tkfi.xlsx.adv")) returned 1 [0035.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.496] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ea84700, ftCreationTime.dwHighDateTime=0x1d5bafb, ftLastAccessTime.dwLowDateTime=0xccf65de0, ftLastAccessTime.dwHighDateTime=0x1d5b6ed, ftLastWriteTime.dwLowDateTime=0xccf65de0, ftLastWriteTime.dwHighDateTime=0x1d5b6ed, nFileSizeHigh=0x0, nFileSizeLow=0x1d1c, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="y5tqsA6pol7.mp4", cAlternateFileName="Y5TQSA~1.MP4")) returned 1 [0035.496] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.496] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.496] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y5tqsA6pol7.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y5tqsa6pol7.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.496] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d1c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1d1c, lpOverlapped=0x0) returned 1 [0035.497] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.497] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d1c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1d1c, lpOverlapped=0x0) returned 1 [0035.497] CloseHandle (hObject=0x38) returned 1 [0035.497] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.497] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y5tqsA6pol7.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y5tqsa6pol7.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\y5tqsA6pol7.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\y5tqsa6pol7.mp4.adv")) returned 1 [0035.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.498] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe318de50, ftCreationTime.dwHighDateTime=0x1d5b8ef, ftLastAccessTime.dwLowDateTime=0x74834930, ftLastAccessTime.dwHighDateTime=0x1d5be80, ftLastWriteTime.dwLowDateTime=0x74834930, ftLastWriteTime.dwHighDateTime=0x1d5be80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="zMME", cAlternateFileName="")) returned 1 [0035.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe318de50, ftCreationTime.dwHighDateTime=0x1d5b8ef, ftLastAccessTime.dwLowDateTime=0x74834930, ftLastAccessTime.dwHighDateTime=0x1d5be80, ftLastWriteTime.dwLowDateTime=0x74834930, ftLastWriteTime.dwHighDateTime=0x1d5be80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.498] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe318de50, ftCreationTime.dwHighDateTime=0x1d5b8ef, ftLastAccessTime.dwLowDateTime=0x74834930, ftLastAccessTime.dwHighDateTime=0x1d5be80, ftLastWriteTime.dwLowDateTime=0x74834930, ftLastWriteTime.dwHighDateTime=0x1d5be80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0035.498] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34b6f690, ftCreationTime.dwHighDateTime=0x1d5b9b6, ftLastAccessTime.dwLowDateTime=0x38ec1dd0, ftLastAccessTime.dwHighDateTime=0x1d5c4c4, ftLastWriteTime.dwLowDateTime=0x38ec1dd0, ftLastWriteTime.dwHighDateTime=0x1d5c4c4, nFileSizeHigh=0x0, nFileSizeLow=0xd9d8, dwReserved0=0x0, dwReserved1=0x54, cFileName="41_iBIkUBpzw.wav", cAlternateFileName="41_IBI~1.WAV")) returned 1 [0035.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\41_iBIkUBpzw.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\41_ibikubpzw.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.499] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd9d8, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xd9d8, lpOverlapped=0x0) returned 1 [0035.500] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.500] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd9d8, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xd9d8, lpOverlapped=0x0) returned 1 [0035.500] CloseHandle (hObject=0x3c) returned 1 [0035.500] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.500] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\41_iBIkUBpzw.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\41_ibikubpzw.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\41_iBIkUBpzw.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\41_ibikubpzw.wav.adv")) returned 1 [0035.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.501] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97da0a60, ftCreationTime.dwHighDateTime=0x1d5c365, ftLastAccessTime.dwLowDateTime=0x854ed080, ftLastAccessTime.dwHighDateTime=0x1d5b5e9, ftLastWriteTime.dwLowDateTime=0x854ed080, ftLastWriteTime.dwHighDateTime=0x1d5b5e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="H92slFF", cAlternateFileName="")) returned 1 [0035.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f09b0 [0035.501] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97da0a60, ftCreationTime.dwHighDateTime=0x1d5c365, ftLastAccessTime.dwLowDateTime=0x854ed080, ftLastAccessTime.dwHighDateTime=0x1d5b5e9, ftLastWriteTime.dwLowDateTime=0x854ed080, ftLastWriteTime.dwHighDateTime=0x1d5b5e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x33, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0035.501] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97da0a60, ftCreationTime.dwHighDateTime=0x1d5c365, ftLastAccessTime.dwLowDateTime=0x854ed080, ftLastAccessTime.dwHighDateTime=0x1d5b5e9, ftLastWriteTime.dwLowDateTime=0x854ed080, ftLastWriteTime.dwHighDateTime=0x1d5b5e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x33, cFileName="..", cAlternateFileName="")) returned 1 [0035.501] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3175740, ftCreationTime.dwHighDateTime=0x1d5b990, ftLastAccessTime.dwLowDateTime=0x91c11e00, ftLastAccessTime.dwHighDateTime=0x1d5c547, ftLastWriteTime.dwLowDateTime=0x91c11e00, ftLastWriteTime.dwHighDateTime=0x1d5c547, nFileSizeHigh=0x0, nFileSizeLow=0x13154, dwReserved0=0x0, dwReserved1=0x33, cFileName="f2dTHxoDqfKD6X56WC7.gif", cAlternateFileName="F2DTHX~1.GIF")) returned 1 [0035.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f0a28 [0035.501] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0aa0 [0035.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0035.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\f2dTHxoDqfKD6X56WC7.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\f2dthxodqfkd6x56wc7.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.502] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13154, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x13154, lpOverlapped=0x0) returned 1 [0035.503] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.503] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13154, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x13154, lpOverlapped=0x0) returned 1 [0035.503] CloseHandle (hObject=0x40) returned 1 [0035.503] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6ea7f8 [0035.503] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\f2dTHxoDqfKD6X56WC7.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\f2dthxodqfkd6x56wc7.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\f2dTHxoDqfKD6X56WC7.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\f2dthxodqfkd6x56wc7.gif.adv")) returned 1 [0035.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0035.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0035.505] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2db0dde0, ftCreationTime.dwHighDateTime=0x1d5b720, ftLastAccessTime.dwLowDateTime=0x62bfe500, ftLastAccessTime.dwHighDateTime=0x1d5b8cc, ftLastWriteTime.dwLowDateTime=0x62bfe500, ftLastWriteTime.dwHighDateTime=0x1d5b8cc, nFileSizeHigh=0x0, nFileSizeLow=0xd31b, dwReserved0=0x0, dwReserved1=0x33, cFileName="J ru.bmp", cAlternateFileName="JRU~1.BMP")) returned 1 [0035.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f0a28 [0035.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0aa0 [0035.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0035.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\J ru.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\j ru.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.505] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd31b, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xd31b, lpOverlapped=0x0) returned 1 [0035.506] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.506] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd31b, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xd31b, lpOverlapped=0x0) returned 1 [0035.506] CloseHandle (hObject=0x40) returned 1 [0035.506] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.506] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\J ru.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\j ru.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\J ru.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\j ru.bmp.adv")) returned 1 [0035.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0035.507] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0fd5bc0, ftCreationTime.dwHighDateTime=0x1d5bf5a, ftLastAccessTime.dwLowDateTime=0xd86bab60, ftLastAccessTime.dwHighDateTime=0x1d5c135, ftLastWriteTime.dwLowDateTime=0xd86bab60, ftLastWriteTime.dwHighDateTime=0x1d5c135, nFileSizeHigh=0x0, nFileSizeLow=0x173d1, dwReserved0=0x0, dwReserved1=0x33, cFileName="PgNlNXitS2-.odp", cAlternateFileName="PGNLNX~1.ODP")) returned 1 [0035.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f0a28 [0035.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0aa0 [0035.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0035.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\PgNlNXitS2-.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\pgnlnxits2-.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.508] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x173d1, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x173d1, lpOverlapped=0x0) returned 1 [0035.509] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.509] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x173d1, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x173d1, lpOverlapped=0x0) returned 1 [0035.509] CloseHandle (hObject=0x40) returned 1 [0035.510] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0b50 [0035.510] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\PgNlNXitS2-.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\pgnlnxits2-.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\PgNlNXitS2-.odp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\pgnlnxits2-.odp.adv")) returned 1 [0035.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b50 | out: hHeap=0x6d0000) returned 1 [0035.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0035.511] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32bfdb20, ftCreationTime.dwHighDateTime=0x1d5c372, ftLastAccessTime.dwLowDateTime=0x2822dde0, ftLastAccessTime.dwHighDateTime=0x1d5be5c, ftLastWriteTime.dwLowDateTime=0x2822dde0, ftLastWriteTime.dwHighDateTime=0x1d5be5c, nFileSizeHigh=0x0, nFileSizeLow=0x62b6, dwReserved0=0x0, dwReserved1=0x33, cFileName="SPhP0S.avi", cAlternateFileName="")) returned 1 [0035.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f0a28 [0035.511] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0aa0 [0035.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0035.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\SPhP0S.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\sphp0s.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.511] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x62b6, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x62b6, lpOverlapped=0x0) returned 1 [0035.512] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.512] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x62b6, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x62b6, lpOverlapped=0x0) returned 1 [0035.512] CloseHandle (hObject=0x40) returned 1 [0035.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0b50 [0035.512] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\SPhP0S.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\sphp0s.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\SPhP0S.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\sphp0s.avi.adv")) returned 1 [0035.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b50 | out: hHeap=0x6d0000) returned 1 [0035.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0035.513] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbbc70eb0, ftCreationTime.dwHighDateTime=0x1d5b59f, ftLastAccessTime.dwLowDateTime=0x7fb3cf20, ftLastAccessTime.dwHighDateTime=0x1d5be4c, ftLastWriteTime.dwLowDateTime=0x7fb3cf20, ftLastWriteTime.dwHighDateTime=0x1d5be4c, nFileSizeHigh=0x0, nFileSizeLow=0x15d22, dwReserved0=0x0, dwReserved1=0x33, cFileName="TUl gxm3Zwwka4onJx4I.jpg", cAlternateFileName="TULGXM~1.JPG")) returned 1 [0035.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f0a28 [0035.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0aa0 [0035.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0035.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\TUl gxm3Zwwka4onJx4I.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\tul gxm3zwwka4onjx4i.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.513] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15d22, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x15d22, lpOverlapped=0x0) returned 1 [0035.515] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.515] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15d22, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x15d22, lpOverlapped=0x0) returned 1 [0035.515] CloseHandle (hObject=0x40) returned 1 [0035.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6ea7f8 [0035.515] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\TUl gxm3Zwwka4onJx4I.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\tul gxm3zwwka4onjx4i.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\H92slFF\\TUl gxm3Zwwka4onJx4I.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\h92slff\\tul gxm3zwwka4onjx4i.jpg.adv")) returned 1 [0035.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0035.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0035.516] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbbc70eb0, ftCreationTime.dwHighDateTime=0x1d5b59f, ftLastAccessTime.dwLowDateTime=0x7fb3cf20, ftLastAccessTime.dwHighDateTime=0x1d5be4c, ftLastWriteTime.dwLowDateTime=0x7fb3cf20, ftLastWriteTime.dwHighDateTime=0x1d5be4c, nFileSizeHigh=0x0, nFileSizeLow=0x15d22, dwReserved0=0x0, dwReserved1=0x33, cFileName="TUl gxm3Zwwka4onJx4I.jpg", cAlternateFileName="TULGXM~1.JPG")) returned 0 [0035.516] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0035.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0035.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.516] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef8a0, ftCreationTime.dwHighDateTime=0x1d5c3a2, ftLastAccessTime.dwLowDateTime=0x20ddc200, ftLastAccessTime.dwHighDateTime=0x1d5c048, ftLastWriteTime.dwLowDateTime=0x20ddc200, ftLastWriteTime.dwHighDateTime=0x1d5c048, nFileSizeHigh=0x0, nFileSizeLow=0x9688, dwReserved0=0x0, dwReserved1=0x54, cFileName="PedsK.gif", cAlternateFileName="")) returned 1 [0035.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0035.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0035.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\PedsK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\pedsk.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.517] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9688, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x9688, lpOverlapped=0x0) returned 1 [0035.517] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.517] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9688, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x9688, lpOverlapped=0x0) returned 1 [0035.518] CloseHandle (hObject=0x3c) returned 1 [0035.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.518] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\PedsK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\pedsk.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zMME\\PedsK.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zmme\\pedsk.gif.adv")) returned 1 [0035.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0035.519] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef8a0, ftCreationTime.dwHighDateTime=0x1d5c3a2, ftLastAccessTime.dwLowDateTime=0x20ddc200, ftLastAccessTime.dwHighDateTime=0x1d5c048, ftLastWriteTime.dwLowDateTime=0x20ddc200, ftLastWriteTime.dwHighDateTime=0x1d5c048, nFileSizeHigh=0x0, nFileSizeLow=0x9688, dwReserved0=0x0, dwReserved1=0x54, cFileName="PedsK.gif", cAlternateFileName="")) returned 0 [0035.519] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.519] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30aa4a40, ftCreationTime.dwHighDateTime=0x1d5bf90, ftLastAccessTime.dwLowDateTime=0x99430500, ftLastAccessTime.dwHighDateTime=0x1d5b5d7, ftLastWriteTime.dwLowDateTime=0x99430500, ftLastWriteTime.dwHighDateTime=0x1d5b5d7, nFileSizeHigh=0x0, nFileSizeLow=0xd498, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="_G4x2ry5 VgS.mkv", cAlternateFileName="_G4X2R~1.MKV")) returned 1 [0035.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2068 [0035.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_G4x2ry5 VgS.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_g4x2ry5 vgs.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.519] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd498, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xd498, lpOverlapped=0x0) returned 1 [0035.520] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.520] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd498, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xd498, lpOverlapped=0x0) returned 1 [0035.521] CloseHandle (hObject=0x38) returned 1 [0035.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.523] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_G4x2ry5 VgS.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_g4x2ry5 vgs.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_G4x2ry5 VgS.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_g4x2ry5 vgs.mkv.adv")) returned 1 [0035.524] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.524] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2068 | out: hHeap=0x6d0000) returned 1 [0035.524] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30aa4a40, ftCreationTime.dwHighDateTime=0x1d5bf90, ftLastAccessTime.dwLowDateTime=0x99430500, ftLastAccessTime.dwHighDateTime=0x1d5b5d7, ftLastWriteTime.dwLowDateTime=0x99430500, ftLastWriteTime.dwHighDateTime=0x1d5b5d7, nFileSizeHigh=0x0, nFileSizeLow=0xd498, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="_G4x2ry5 VgS.mkv", cAlternateFileName="_G4X2R~1.MKV")) returned 0 [0035.524] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0035.524] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.524] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0035.524] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9fe23b90, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9fe23b90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0035.524] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.524] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f60 [0035.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e1fc8 [0035.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.525] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9fe23b90, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9fe23b90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0035.525] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9fe23b90, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9fe23b90, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="..", cAlternateFileName="")) returned 1 [0035.525] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16cf3b10, ftCreationTime.dwHighDateTime=0x1d55fca, ftLastAccessTime.dwLowDateTime=0x701d7db0, ftLastAccessTime.dwHighDateTime=0x1d574f8, ftLastWriteTime.dwLowDateTime=0x701d7db0, ftLastWriteTime.dwHighDateTime=0x1d574f8, nFileSizeHigh=0x0, nFileSizeLow=0x18811, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="-eZcfTFK.docx", cAlternateFileName="-EZCFT~1.DOC")) returned 1 [0035.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-eZcfTFK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-ezcftfk.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.525] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18811, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x18811, lpOverlapped=0x0) returned 1 [0035.526] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.527] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18811, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x18811, lpOverlapped=0x0) returned 1 [0035.527] CloseHandle (hObject=0x38) returned 1 [0035.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.527] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-eZcfTFK.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-ezcftfk.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-eZcfTFK.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-ezcftfk.docx.adv")) returned 1 [0035.528] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.528] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.528] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c8f5ae0, ftCreationTime.dwHighDateTime=0x1d55bb1, ftLastAccessTime.dwLowDateTime=0xb68e1c80, ftLastAccessTime.dwHighDateTime=0x1d561d6, ftLastWriteTime.dwLowDateTime=0xb68e1c80, ftLastWriteTime.dwHighDateTime=0x1d561d6, nFileSizeHigh=0x0, nFileSizeLow=0x5cbc, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="1iX8r_.pptx", cAlternateFileName="1IX8R_~1.PPT")) returned 1 [0035.528] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.528] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.528] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1iX8r_.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1ix8r_.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.529] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5cbc, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x5cbc, lpOverlapped=0x0) returned 1 [0035.529] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.529] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5cbc, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x5cbc, lpOverlapped=0x0) returned 1 [0035.530] CloseHandle (hObject=0x38) returned 1 [0035.530] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.530] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1iX8r_.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1ix8r_.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1iX8r_.pptx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1ix8r_.pptx.adv")) returned 1 [0035.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f76de40, ftCreationTime.dwHighDateTime=0x1d54358, ftLastAccessTime.dwLowDateTime=0x5a718840, ftLastAccessTime.dwHighDateTime=0x1d5b980, ftLastWriteTime.dwLowDateTime=0x5a718840, ftLastWriteTime.dwHighDateTime=0x1d5b980, nFileSizeHigh=0x0, nFileSizeLow=0x42e4, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="31Ojeoca_XxXMGid2.pptx", cAlternateFileName="31OJEO~1.PPT")) returned 1 [0035.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.531] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\31Ojeoca_XxXMGid2.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\31ojeoca_xxxmgid2.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.531] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x42e4, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x42e4, lpOverlapped=0x0) returned 1 [0035.532] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.532] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x42e4, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x42e4, lpOverlapped=0x0) returned 1 [0035.539] CloseHandle (hObject=0x38) returned 1 [0035.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2048 [0035.540] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\31Ojeoca_XxXMGid2.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\31ojeoca_xxxmgid2.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\31Ojeoca_XxXMGid2.pptx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\31ojeoca_xxxmgid2.pptx.adv")) returned 1 [0035.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.541] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a281700, ftCreationTime.dwHighDateTime=0x1d555c6, ftLastAccessTime.dwLowDateTime=0x117f3210, ftLastAccessTime.dwHighDateTime=0x1d57536, ftLastWriteTime.dwLowDateTime=0x117f3210, ftLastWriteTime.dwHighDateTime=0x1d57536, nFileSizeHigh=0x0, nFileSizeLow=0x6d5b, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="4K h.pptx", cAlternateFileName="4KH~1.PPT")) returned 1 [0035.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.541] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4K h.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4k h.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.542] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6d5b, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x6d5b, lpOverlapped=0x0) returned 1 [0035.542] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.542] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6d5b, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x6d5b, lpOverlapped=0x0) returned 1 [0035.543] CloseHandle (hObject=0x38) returned 1 [0035.543] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.543] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4K h.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4k h.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4K h.pptx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4k h.pptx.adv")) returned 1 [0035.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.544] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2952bc10, ftCreationTime.dwHighDateTime=0x1d54910, ftLastAccessTime.dwLowDateTime=0x1d497530, ftLastAccessTime.dwHighDateTime=0x1d57acf, ftLastWriteTime.dwLowDateTime=0x1d497530, ftLastWriteTime.dwHighDateTime=0x1d57acf, nFileSizeHigh=0x0, nFileSizeLow=0x90a7, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="70JuPxC rcrq.docx", cAlternateFileName="70JUPX~1.DOC")) returned 1 [0035.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.544] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\70JuPxC rcrq.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\70jupxc rcrq.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.544] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x90a7, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x90a7, lpOverlapped=0x0) returned 1 [0035.545] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.545] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x90a7, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x90a7, lpOverlapped=0x0) returned 1 [0035.545] CloseHandle (hObject=0x38) returned 1 [0035.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.546] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\70JuPxC rcrq.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\70jupxc rcrq.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\70JuPxC rcrq.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\70jupxc rcrq.docx.adv")) returned 1 [0035.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.547] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb85be30, ftCreationTime.dwHighDateTime=0x1d55172, ftLastAccessTime.dwLowDateTime=0xf86ee7a0, ftLastAccessTime.dwHighDateTime=0x1d57b22, ftLastWriteTime.dwLowDateTime=0xf86ee7a0, ftLastWriteTime.dwHighDateTime=0x1d57b22, nFileSizeHigh=0x0, nFileSizeLow=0xbf00, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="CXYyDJQbX2YsY.xlsx", cAlternateFileName="CXYYDJ~1.XLS")) returned 1 [0035.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CXYyDJQbX2YsY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cxyydjqbx2ysy.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.547] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbf00, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xbf00, lpOverlapped=0x0) returned 1 [0035.548] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.548] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbf00, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xbf00, lpOverlapped=0x0) returned 1 [0035.548] CloseHandle (hObject=0x38) returned 1 [0035.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.548] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CXYyDJQbX2YsY.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cxyydjqbx2ysy.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CXYyDJQbX2YsY.xlsx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cxyydjqbx2ysy.xlsx.adv")) returned 1 [0035.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.549] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.550] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x192, lpOverlapped=0x0) returned 1 [0035.550] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.551] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x192, lpOverlapped=0x0) returned 1 [0035.551] CloseHandle (hObject=0x38) returned 1 [0035.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.551] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini.adv")) returned 1 [0035.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.552] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x227dc6d0, ftCreationTime.dwHighDateTime=0x1d55623, ftLastAccessTime.dwLowDateTime=0x387411f0, ftLastAccessTime.dwHighDateTime=0x1d54dc3, ftLastWriteTime.dwLowDateTime=0x387411f0, ftLastWriteTime.dwHighDateTime=0x1d54dc3, nFileSizeHigh=0x0, nFileSizeLow=0xe8b5, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="FZU1hM-6Oi.xlsx", cAlternateFileName="FZU1HM~1.XLS")) returned 1 [0035.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FZU1hM-6Oi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fzu1hm-6oi.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.552] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe8b5, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xe8b5, lpOverlapped=0x0) returned 1 [0035.553] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.553] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe8b5, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xe8b5, lpOverlapped=0x0) returned 1 [0035.553] CloseHandle (hObject=0x38) returned 1 [0035.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.554] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FZU1hM-6Oi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fzu1hm-6oi.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FZU1hM-6Oi.xlsx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fzu1hm-6oi.xlsx.adv")) returned 1 [0035.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.555] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3a52150, ftCreationTime.dwHighDateTime=0x1d5bb50, ftLastAccessTime.dwLowDateTime=0xa929ce70, ftLastAccessTime.dwHighDateTime=0x1d5b971, ftLastWriteTime.dwLowDateTime=0xa929ce70, ftLastWriteTime.dwHighDateTime=0x1d5b971, nFileSizeHigh=0x0, nFileSizeLow=0xa03e, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="GxKCryVZm.odp", cAlternateFileName="GXKCRY~1.ODP")) returned 1 [0035.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GxKCryVZm.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gxkcryvzm.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.555] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa03e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xa03e, lpOverlapped=0x0) returned 1 [0035.556] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.556] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa03e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xa03e, lpOverlapped=0x0) returned 1 [0035.557] CloseHandle (hObject=0x38) returned 1 [0035.557] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.557] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GxKCryVZm.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gxkcryvzm.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GxKCryVZm.odp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gxkcryvzm.odp.adv")) returned 1 [0035.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.558] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe33b9a00, ftCreationTime.dwHighDateTime=0x1d57c11, ftLastAccessTime.dwLowDateTime=0xa303be60, ftLastAccessTime.dwHighDateTime=0x1d5abcb, ftLastWriteTime.dwLowDateTime=0xa303be60, ftLastWriteTime.dwHighDateTime=0x1d5abcb, nFileSizeHigh=0x0, nFileSizeLow=0x3c46, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="H6NUqWoupg.docx", cAlternateFileName="H6NUQW~1.DOC")) returned 1 [0035.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.558] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H6NUqWoupg.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h6nuqwoupg.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.559] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c46, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x3c46, lpOverlapped=0x0) returned 1 [0035.560] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.560] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c46, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x3c46, lpOverlapped=0x0) returned 1 [0035.560] CloseHandle (hObject=0x38) returned 1 [0035.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.560] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H6NUqWoupg.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h6nuqwoupg.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\H6NUqWoupg.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h6nuqwoupg.docx.adv")) returned 1 [0035.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.561] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7024af70, ftCreationTime.dwHighDateTime=0x1d56109, ftLastAccessTime.dwLowDateTime=0x72eb2f90, ftLastAccessTime.dwHighDateTime=0x1d5aaa1, ftLastWriteTime.dwLowDateTime=0x72eb2f90, ftLastWriteTime.dwHighDateTime=0x1d5aaa1, nFileSizeHigh=0x0, nFileSizeLow=0x7f65, dwReserved0=0x1d2dd9c, dwReserved1=0x2914fe20, cFileName="lBs38SbmwOe.pptx", cAlternateFileName="LBS38S~1.PPT")) returned 1 [0035.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lBs38SbmwOe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lbs38sbmwoe.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.561] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7f65, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x7f65, lpOverlapped=0x0) returned 1 [0035.562] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.562] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7f65, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x7f65, lpOverlapped=0x0) returned 1 [0035.563] CloseHandle (hObject=0x38) returned 1 [0035.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.563] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lBs38SbmwOe.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lbs38sbmwoe.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lBs38SbmwOe.pptx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lbs38sbmwoe.pptx.adv")) returned 1 [0035.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.564] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0035.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.564] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x13, ftLastAccessTime.dwLowDateTime=0x6f08a8, ftLastAccessTime.dwHighDateTime=0x6d0000, ftLastWriteTime.dwLowDateTime=0x6f0be0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="1\x13", cAlternateFileName="")) returned 0xffffffff [0035.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.564] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0035.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.565] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x13, ftLastAccessTime.dwLowDateTime=0x6f08a8, ftLastAccessTime.dwHighDateTime=0x6d0000, ftLastWriteTime.dwLowDateTime=0x6f0be0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="1\x13", cAlternateFileName="")) returned 0xffffffff [0035.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.565] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0035.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.565] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.566] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0035.566] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x54, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.566] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.567] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xd8, lpOverlapped=0x0) returned 1 [0035.568] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.568] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xd8, lpOverlapped=0x0) returned 1 [0035.568] CloseHandle (hObject=0x3c) returned 1 [0035.568] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0035.568] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini.adv")) returned 1 [0035.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.569] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0035.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.569] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.570] CloseHandle (hObject=0x3c) returned 1 [0035.570] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0035.570] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss.adv")) returned 1 [0035.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.571] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="_private", cAlternateFileName="")) returned 1 [0035.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.571] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0035.572] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName="..", cAlternateFileName="")) returned 1 [0035.572] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x29, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0035.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0035.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.573] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x74e6, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x74e6, lpOverlapped=0x0) returned 1 [0035.576] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.576] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x74e6, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x74e6, lpOverlapped=0x0) returned 1 [0035.576] CloseHandle (hObject=0x40) returned 1 [0035.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0035.576] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.adv")) returned 1 [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.577] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x29, cFileName="folder.ico", cAlternateFileName="")) returned 0 [0035.577] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.577] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="_private", cAlternateFileName="")) returned 0 [0035.577] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.577] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0035.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.577] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="_private", cAlternateFileName="")) returned 0xffffffff [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.577] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0035.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.577] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.577] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.578] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0035.578] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x54, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0035.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.578] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.578] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x42400, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x42400, lpOverlapped=0x0) returned 1 [0035.583] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.584] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x42400, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x42400, lpOverlapped=0x0) returned 1 [0035.584] CloseHandle (hObject=0x3c) returned 1 [0035.584] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0960 [0035.584] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.adv")) returned 1 [0035.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.585] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x54, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0035.585] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.585] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe72e4c20, ftCreationTime.dwHighDateTime=0x1d5762b, ftLastAccessTime.dwLowDateTime=0xd53cda30, ftLastAccessTime.dwHighDateTime=0x1d5a93a, ftLastWriteTime.dwLowDateTime=0xd53cda30, ftLastWriteTime.dwHighDateTime=0x1d5a93a, nFileSizeHigh=0x0, nFileSizeLow=0xf7db, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="q4Oec inV5xh4UG.docx", cAlternateFileName="Q4OECI~1.DOC")) returned 1 [0035.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q4Oec inV5xh4UG.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q4oec inv5xh4ug.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.586] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf7db, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xf7db, lpOverlapped=0x0) returned 1 [0035.587] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.587] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf7db, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xf7db, lpOverlapped=0x0) returned 1 [0035.587] CloseHandle (hObject=0x38) returned 1 [0035.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2048 [0035.587] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q4Oec inV5xh4UG.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q4oec inv5xh4ug.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q4Oec inV5xh4UG.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q4oec inv5xh4ug.docx.adv")) returned 1 [0035.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.588] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc13fda70, ftCreationTime.dwHighDateTime=0x1d5a8fc, ftLastAccessTime.dwLowDateTime=0x5205d4a0, ftLastAccessTime.dwHighDateTime=0x1d585e0, ftLastWriteTime.dwLowDateTime=0x5205d4a0, ftLastWriteTime.dwHighDateTime=0x1d585e0, nFileSizeHigh=0x0, nFileSizeLow=0x6a8d, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="rBlxxpLy.docx", cAlternateFileName="RBLXXP~1.DOC")) returned 1 [0035.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rBlxxpLy.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rblxxply.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.589] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6a8d, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x6a8d, lpOverlapped=0x0) returned 1 [0035.589] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.589] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6a8d, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x6a8d, lpOverlapped=0x0) returned 1 [0035.590] CloseHandle (hObject=0x38) returned 1 [0035.590] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.590] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rBlxxpLy.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rblxxply.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rBlxxpLy.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rblxxply.docx.adv")) returned 1 [0035.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.590] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ddeb10, ftCreationTime.dwHighDateTime=0x1d5c503, ftLastAccessTime.dwLowDateTime=0x9178e640, ftLastAccessTime.dwHighDateTime=0x1d5b6f5, ftLastWriteTime.dwLowDateTime=0x9178e640, ftLastWriteTime.dwHighDateTime=0x1d5b6f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="RNautLQKyx_ZIEwgc4p", cAlternateFileName="RNAUTL~1")) returned 1 [0035.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.591] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ddeb10, ftCreationTime.dwHighDateTime=0x1d5c503, ftLastAccessTime.dwLowDateTime=0x9178e640, ftLastAccessTime.dwHighDateTime=0x1d5b6f5, ftLastWriteTime.dwLowDateTime=0x9178e640, ftLastWriteTime.dwHighDateTime=0x1d5b6f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.591] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ddeb10, ftCreationTime.dwHighDateTime=0x1d5c503, ftLastAccessTime.dwLowDateTime=0x9178e640, ftLastAccessTime.dwHighDateTime=0x1d5b6f5, ftLastWriteTime.dwLowDateTime=0x9178e640, ftLastWriteTime.dwHighDateTime=0x1d5b6f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0035.591] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b170f20, ftCreationTime.dwHighDateTime=0x1d5c019, ftLastAccessTime.dwLowDateTime=0xf8952a00, ftLastAccessTime.dwHighDateTime=0x1d5bede, ftLastWriteTime.dwLowDateTime=0xf8952a00, ftLastWriteTime.dwHighDateTime=0x1d5bede, nFileSizeHigh=0x0, nFileSizeLow=0x1099f, dwReserved0=0x0, dwReserved1=0x54, cFileName="2sPb cSkk-.pps", cAlternateFileName="2SPBCS~1.PPS")) returned 1 [0035.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2048 [0035.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\2sPb cSkk-.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\2spb cskk-.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.591] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1099f, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1099f, lpOverlapped=0x0) returned 1 [0035.592] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.592] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1099f, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1099f, lpOverlapped=0x0) returned 1 [0035.593] CloseHandle (hObject=0x3c) returned 1 [0035.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0968 [0035.593] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\2sPb cSkk-.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\2spb cskk-.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\2sPb cSkk-.pps.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\2spb cskk-.pps.adv")) returned 1 [0035.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0035.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.593] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc5d2c0, ftCreationTime.dwHighDateTime=0x1d5c0cb, ftLastAccessTime.dwLowDateTime=0xfb6c00f0, ftLastAccessTime.dwHighDateTime=0x1d5b8ad, ftLastWriteTime.dwLowDateTime=0xfb6c00f0, ftLastWriteTime.dwHighDateTime=0x1d5b8ad, nFileSizeHigh=0x0, nFileSizeLow=0x5fdb, dwReserved0=0x0, dwReserved1=0x54, cFileName="Dz6qG0bGda.doc", cAlternateFileName="DZ6QG0~1.DOC")) returned 1 [0035.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2048 [0035.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\Dz6qG0bGda.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\dz6qg0bgda.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.594] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5fdb, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x5fdb, lpOverlapped=0x0) returned 1 [0035.595] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.595] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5fdb, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x5fdb, lpOverlapped=0x0) returned 1 [0035.595] CloseHandle (hObject=0x3c) returned 1 [0035.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0968 [0035.595] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\Dz6qG0bGda.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\dz6qg0bgda.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\Dz6qG0bGda.doc.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\dz6qg0bgda.doc.adv")) returned 1 [0035.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0035.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.596] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83ff09f0, ftCreationTime.dwHighDateTime=0x1d5bee7, ftLastAccessTime.dwLowDateTime=0x6667f4e0, ftLastAccessTime.dwHighDateTime=0x1d5bb7e, ftLastWriteTime.dwLowDateTime=0x6667f4e0, ftLastWriteTime.dwHighDateTime=0x1d5bb7e, nFileSizeHigh=0x0, nFileSizeLow=0x4037, dwReserved0=0x0, dwReserved1=0x54, cFileName="eJ43YMM.odp", cAlternateFileName="")) returned 1 [0035.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2048 [0035.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\eJ43YMM.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\ej43ymm.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.596] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4037, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x4037, lpOverlapped=0x0) returned 1 [0035.597] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.597] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4037, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x4037, lpOverlapped=0x0) returned 1 [0035.597] CloseHandle (hObject=0x3c) returned 1 [0035.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0968 [0035.597] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\eJ43YMM.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\ej43ymm.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\eJ43YMM.odp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\ej43ymm.odp.adv")) returned 1 [0035.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0035.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.598] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x990b5c90, ftCreationTime.dwHighDateTime=0x1d5c1f3, ftLastAccessTime.dwLowDateTime=0x1af30b00, ftLastAccessTime.dwHighDateTime=0x1d5bd1b, ftLastWriteTime.dwLowDateTime=0x1af30b00, ftLastWriteTime.dwHighDateTime=0x1d5bd1b, nFileSizeHigh=0x0, nFileSizeLow=0x49f7, dwReserved0=0x0, dwReserved1=0x54, cFileName="mdWEipFNXDBB Mvg6aw.csv", cAlternateFileName="MDWEIP~1.CSV")) returned 1 [0035.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2048 [0035.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\mdWEipFNXDBB Mvg6aw.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\mdweipfnxdbb mvg6aw.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.598] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x49f7, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x49f7, lpOverlapped=0x0) returned 1 [0035.599] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.599] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x49f7, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x49f7, lpOverlapped=0x0) returned 1 [0035.599] CloseHandle (hObject=0x3c) returned 1 [0035.599] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0035.599] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\mdWEipFNXDBB Mvg6aw.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\mdweipfnxdbb mvg6aw.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\mdWEipFNXDBB Mvg6aw.csv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\mdweipfnxdbb mvg6aw.csv.adv")) returned 1 [0035.600] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0035.600] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.600] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2142c90, ftCreationTime.dwHighDateTime=0x1d5c3ab, ftLastAccessTime.dwLowDateTime=0xe7877ee0, ftLastAccessTime.dwHighDateTime=0x1d5c049, ftLastWriteTime.dwLowDateTime=0xe7877ee0, ftLastWriteTime.dwHighDateTime=0x1d5c049, nFileSizeHigh=0x0, nFileSizeLow=0x3782, dwReserved0=0x0, dwReserved1=0x54, cFileName="RDumlaJr.pptx", cAlternateFileName="RDUMLA~1.PPT")) returned 1 [0035.600] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.600] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2048 [0035.600] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\RDumlaJr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\rdumlajr.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.600] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3782, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x3782, lpOverlapped=0x0) returned 1 [0035.601] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.601] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3782, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x3782, lpOverlapped=0x0) returned 1 [0035.601] CloseHandle (hObject=0x3c) returned 1 [0035.601] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0968 [0035.601] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\RDumlaJr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\rdumlajr.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\RDumlaJr.pptx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\rdumlajr.pptx.adv")) returned 1 [0035.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0035.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.602] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0ae78e0, ftCreationTime.dwHighDateTime=0x1d5c326, ftLastAccessTime.dwLowDateTime=0x13dbb5a0, ftLastAccessTime.dwHighDateTime=0x1d5c488, ftLastWriteTime.dwLowDateTime=0x13dbb5a0, ftLastWriteTime.dwHighDateTime=0x1d5c488, nFileSizeHigh=0x0, nFileSizeLow=0x11b8f, dwReserved0=0x0, dwReserved1=0x54, cFileName="UgyZPT_Nh0JP32cs6_4.ppt", cAlternateFileName="UGYZPT~1.PPT")) returned 1 [0035.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2048 [0035.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\UgyZPT_Nh0JP32cs6_4.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\ugyzpt_nh0jp32cs6_4.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.602] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11b8f, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x11b8f, lpOverlapped=0x0) returned 1 [0035.603] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.604] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11b8f, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x11b8f, lpOverlapped=0x0) returned 1 [0035.604] CloseHandle (hObject=0x3c) returned 1 [0035.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0035.604] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\UgyZPT_Nh0JP32cs6_4.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\ugyzpt_nh0jp32cs6_4.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\UgyZPT_Nh0JP32cs6_4.ppt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\ugyzpt_nh0jp32cs6_4.ppt.adv")) returned 1 [0035.605] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0035.605] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.605] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x416b5120, ftCreationTime.dwHighDateTime=0x1d5c1f8, ftLastAccessTime.dwLowDateTime=0x6c1fc840, ftLastAccessTime.dwHighDateTime=0x1d5c21d, ftLastWriteTime.dwLowDateTime=0x6c1fc840, ftLastWriteTime.dwHighDateTime=0x1d5c21d, nFileSizeHigh=0x0, nFileSizeLow=0xfdd3, dwReserved0=0x0, dwReserved1=0x54, cFileName="WZKN04mQ.ppt", cAlternateFileName="")) returned 1 [0035.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2048 [0035.605] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\WZKN04mQ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\wzkn04mq.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.605] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfdd3, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xfdd3, lpOverlapped=0x0) returned 1 [0035.606] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.606] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfdd3, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xfdd3, lpOverlapped=0x0) returned 1 [0035.606] CloseHandle (hObject=0x3c) returned 1 [0035.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0968 [0035.606] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\WZKN04mQ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\wzkn04mq.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RNautLQKyx_ZIEwgc4p\\WZKN04mQ.ppt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rnautlqkyx_ziewgc4p\\wzkn04mq.ppt.adv")) returned 1 [0035.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0035.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.607] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x416b5120, ftCreationTime.dwHighDateTime=0x1d5c1f8, ftLastAccessTime.dwLowDateTime=0x6c1fc840, ftLastAccessTime.dwHighDateTime=0x1d5c21d, ftLastWriteTime.dwLowDateTime=0x6c1fc840, ftLastWriteTime.dwHighDateTime=0x1d5c21d, nFileSizeHigh=0x0, nFileSizeLow=0xfdd3, dwReserved0=0x0, dwReserved1=0x54, cFileName="WZKN04mQ.ppt", cAlternateFileName="")) returned 0 [0035.607] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.607] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9a98fd0, ftCreationTime.dwHighDateTime=0x1d5bfb9, ftLastAccessTime.dwLowDateTime=0xacfde780, ftLastAccessTime.dwHighDateTime=0x1d5b669, ftLastWriteTime.dwLowDateTime=0xacfde780, ftLastWriteTime.dwHighDateTime=0x1d5b669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="s-VWzfA", cAlternateFileName="")) returned 1 [0035.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0035.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.607] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s-VWzfA\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9a98fd0, ftCreationTime.dwHighDateTime=0x1d5bfb9, ftLastAccessTime.dwLowDateTime=0xacfde780, ftLastAccessTime.dwHighDateTime=0x1d5b669, ftLastWriteTime.dwLowDateTime=0xacfde780, ftLastWriteTime.dwHighDateTime=0x1d5b669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.607] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9a98fd0, ftCreationTime.dwHighDateTime=0x1d5bfb9, ftLastAccessTime.dwLowDateTime=0xacfde780, ftLastAccessTime.dwHighDateTime=0x1d5b669, ftLastWriteTime.dwLowDateTime=0xacfde780, ftLastWriteTime.dwHighDateTime=0x1d5b669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0035.607] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d343240, ftCreationTime.dwHighDateTime=0x1d5c2f1, ftLastAccessTime.dwLowDateTime=0x566b5df0, ftLastAccessTime.dwHighDateTime=0x1d5c5e4, ftLastWriteTime.dwLowDateTime=0x566b5df0, ftLastWriteTime.dwHighDateTime=0x1d5c5e4, nFileSizeHigh=0x0, nFileSizeLow=0x1125b, dwReserved0=0x0, dwReserved1=0x54, cFileName="1Xp_0TW0bFUtM1.csv", cAlternateFileName="1XP_0T~1.CSV")) returned 1 [0035.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0948 [0035.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s-VWzfA\\1Xp_0TW0bFUtM1.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s-vwzfa\\1xp_0tw0bfutm1.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.608] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1125b, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1125b, lpOverlapped=0x0) returned 1 [0035.609] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.609] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1125b, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1125b, lpOverlapped=0x0) returned 1 [0035.609] CloseHandle (hObject=0x3c) returned 1 [0035.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09e0 [0035.609] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s-VWzfA\\1Xp_0TW0bFUtM1.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s-vwzfa\\1xp_0tw0bfutm1.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s-VWzfA\\1Xp_0TW0bFUtM1.csv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s-vwzfa\\1xp_0tw0bfutm1.csv.adv")) returned 1 [0035.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0035.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.610] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0203b00, ftCreationTime.dwHighDateTime=0x1d5b7e1, ftLastAccessTime.dwLowDateTime=0xc1abc490, ftLastAccessTime.dwHighDateTime=0x1d5b803, ftLastWriteTime.dwLowDateTime=0xc1abc490, ftLastWriteTime.dwHighDateTime=0x1d5b803, nFileSizeHigh=0x0, nFileSizeLow=0xd1bd, dwReserved0=0x0, dwReserved1=0x54, cFileName="L uVwCNS49qZilnhg.xls", cAlternateFileName="LUVWCN~1.XLS")) returned 1 [0035.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0948 [0035.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s-VWzfA\\L uVwCNS49qZilnhg.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s-vwzfa\\l uvwcns49qzilnhg.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.610] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd1bd, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xd1bd, lpOverlapped=0x0) returned 1 [0035.611] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.611] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd1bd, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xd1bd, lpOverlapped=0x0) returned 1 [0035.612] CloseHandle (hObject=0x3c) returned 1 [0035.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09e0 [0035.612] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s-VWzfA\\L uVwCNS49qZilnhg.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s-vwzfa\\l uvwcns49qzilnhg.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s-VWzfA\\L uVwCNS49qZilnhg.xls.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s-vwzfa\\l uvwcns49qzilnhg.xls.adv")) returned 1 [0035.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0035.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.612] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0203b00, ftCreationTime.dwHighDateTime=0x1d5b7e1, ftLastAccessTime.dwLowDateTime=0xc1abc490, ftLastAccessTime.dwHighDateTime=0x1d5b803, ftLastWriteTime.dwLowDateTime=0xc1abc490, ftLastWriteTime.dwHighDateTime=0x1d5b803, nFileSizeHigh=0x0, nFileSizeLow=0xd1bd, dwReserved0=0x0, dwReserved1=0x54, cFileName="L uVwCNS49qZilnhg.xls", cAlternateFileName="LUVWCN~1.XLS")) returned 0 [0035.612] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.612] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad7bc20, ftCreationTime.dwHighDateTime=0x1d59bc9, ftLastAccessTime.dwLowDateTime=0x2f9731c0, ftLastAccessTime.dwHighDateTime=0x1d5938c, ftLastWriteTime.dwLowDateTime=0x2f9731c0, ftLastWriteTime.dwHighDateTime=0x1d5938c, nFileSizeHigh=0x0, nFileSizeLow=0x15d80, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="SOiGPV_ocHA9Q7.pptx", cAlternateFileName="SOIGPV~1.PPT")) returned 1 [0035.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SOiGPV_ocHA9Q7.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\soigpv_ocha9q7.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.613] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15d80, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x15d80, lpOverlapped=0x0) returned 1 [0035.614] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.614] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15d80, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x15d80, lpOverlapped=0x0) returned 1 [0035.614] CloseHandle (hObject=0x38) returned 1 [0035.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.614] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SOiGPV_ocHA9Q7.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\soigpv_ocha9q7.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SOiGPV_ocHA9Q7.pptx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\soigpv_ocha9q7.pptx.adv")) returned 1 [0035.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.615] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38c01590, ftCreationTime.dwHighDateTime=0x1d5ba20, ftLastAccessTime.dwLowDateTime=0x52997e60, ftLastAccessTime.dwHighDateTime=0x1d5c052, ftLastWriteTime.dwLowDateTime=0x52997e60, ftLastWriteTime.dwHighDateTime=0x1d5c052, nFileSizeHigh=0x0, nFileSizeLow=0x18026, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="tR32zBauYPZ2z-u M4-.ppt", cAlternateFileName="TR32ZB~1.PPT")) returned 1 [0035.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\tR32zBauYPZ2z-u M4-.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tr32zbauypz2z-u m4-.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.616] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18026, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x18026, lpOverlapped=0x0) returned 1 [0035.617] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.617] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18026, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x18026, lpOverlapped=0x0) returned 1 [0035.617] CloseHandle (hObject=0x38) returned 1 [0035.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2048 [0035.618] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\tR32zBauYPZ2z-u M4-.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tr32zbauypz2z-u m4-.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\tR32zBauYPZ2z-u M4-.ppt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tr32zbauypz2z-u m4-.ppt.adv")) returned 1 [0035.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.619] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f807810, ftCreationTime.dwHighDateTime=0x1d5c4b8, ftLastAccessTime.dwLowDateTime=0xc8727ff0, ftLastAccessTime.dwHighDateTime=0x1d5bd2e, ftLastWriteTime.dwLowDateTime=0xc8727ff0, ftLastWriteTime.dwHighDateTime=0x1d5bd2e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="vb95", cAlternateFileName="")) returned 1 [0035.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.619] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f807810, ftCreationTime.dwHighDateTime=0x1d5c4b8, ftLastAccessTime.dwLowDateTime=0xc8727ff0, ftLastAccessTime.dwHighDateTime=0x1d5bd2e, ftLastWriteTime.dwLowDateTime=0xc8727ff0, ftLastWriteTime.dwHighDateTime=0x1d5bd2e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.619] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f807810, ftCreationTime.dwHighDateTime=0x1d5c4b8, ftLastAccessTime.dwLowDateTime=0xc8727ff0, ftLastAccessTime.dwHighDateTime=0x1d5bd2e, ftLastWriteTime.dwLowDateTime=0xc8727ff0, ftLastWriteTime.dwHighDateTime=0x1d5bd2e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3b, cFileName="..", cAlternateFileName="")) returned 1 [0035.619] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd967cd90, ftCreationTime.dwHighDateTime=0x1d5c3c5, ftLastAccessTime.dwLowDateTime=0xa5dc48f0, ftLastAccessTime.dwHighDateTime=0x1d5c0f7, ftLastWriteTime.dwLowDateTime=0xa5dc48f0, ftLastWriteTime.dwHighDateTime=0x1d5c0f7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3b, cFileName="bSDa3p", cAlternateFileName="")) returned 1 [0035.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0035.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.620] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd967cd90, ftCreationTime.dwHighDateTime=0x1d5c3c5, ftLastAccessTime.dwLowDateTime=0xa5dc48f0, ftLastAccessTime.dwHighDateTime=0x1d5c0f7, ftLastWriteTime.dwLowDateTime=0xa5dc48f0, ftLastWriteTime.dwHighDateTime=0x1d5c0f7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5c4b8, dwReserved1=0xc8727ff0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0035.620] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd967cd90, ftCreationTime.dwHighDateTime=0x1d5c3c5, ftLastAccessTime.dwLowDateTime=0xa5dc48f0, ftLastAccessTime.dwHighDateTime=0x1d5c0f7, ftLastWriteTime.dwLowDateTime=0xa5dc48f0, ftLastWriteTime.dwHighDateTime=0x1d5c0f7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5c4b8, dwReserved1=0xc8727ff0, cFileName="..", cAlternateFileName="")) returned 1 [0035.620] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39ba3e40, ftCreationTime.dwHighDateTime=0x1d5c019, ftLastAccessTime.dwLowDateTime=0xf82f670, ftLastAccessTime.dwHighDateTime=0x1d5c5d3, ftLastWriteTime.dwLowDateTime=0xf82f670, ftLastWriteTime.dwHighDateTime=0x1d5c5d3, nFileSizeHigh=0x0, nFileSizeLow=0xe433, dwReserved0=0x1d5c4b8, dwReserved1=0xc8727ff0, cFileName="MYNo82NP9gG.ods", cAlternateFileName="MYNO82~1.ODS")) returned 1 [0035.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f0948 [0035.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f09c0 [0035.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\MYNo82NP9gG.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\myno82np9gg.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.620] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe433, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xe433, lpOverlapped=0x0) returned 1 [0035.621] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.621] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe433, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xe433, lpOverlapped=0x0) returned 1 [0035.621] CloseHandle (hObject=0x40) returned 1 [0035.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a70 [0035.622] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\MYNo82NP9gG.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\myno82np9gg.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\MYNo82NP9gG.ods.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\myno82np9gg.ods.adv")) returned 1 [0035.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a70 | out: hHeap=0x6d0000) returned 1 [0035.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09c0 | out: hHeap=0x6d0000) returned 1 [0035.622] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2c151b0, ftCreationTime.dwHighDateTime=0x1d5c386, ftLastAccessTime.dwLowDateTime=0xe2043380, ftLastAccessTime.dwHighDateTime=0x1d5c1c2, ftLastWriteTime.dwLowDateTime=0xe2043380, ftLastWriteTime.dwHighDateTime=0x1d5c1c2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5c4b8, dwReserved1=0xc8727ff0, cFileName="SV4GwBq oE75gC", cAlternateFileName="SV4GWB~1")) returned 1 [0035.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f0948 [0035.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f09c0 [0035.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a70 [0035.623] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2c151b0, ftCreationTime.dwHighDateTime=0x1d5c386, ftLastAccessTime.dwLowDateTime=0xe2043380, ftLastAccessTime.dwHighDateTime=0x1d5c1c2, ftLastWriteTime.dwLowDateTime=0xe2043380, ftLastWriteTime.dwHighDateTime=0x1d5c1c2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x6, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0035.623] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2c151b0, ftCreationTime.dwHighDateTime=0x1d5c386, ftLastAccessTime.dwLowDateTime=0xe2043380, ftLastAccessTime.dwHighDateTime=0x1d5c1c2, ftLastWriteTime.dwLowDateTime=0xe2043380, ftLastWriteTime.dwHighDateTime=0x1d5c1c2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x6, cFileName="..", cAlternateFileName="")) returned 1 [0035.623] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29c9cdf0, ftCreationTime.dwHighDateTime=0x1d5be9a, ftLastAccessTime.dwLowDateTime=0x14bdc730, ftLastAccessTime.dwHighDateTime=0x1d5b761, ftLastWriteTime.dwLowDateTime=0x14bdc730, ftLastWriteTime.dwHighDateTime=0x1d5b761, nFileSizeHigh=0x0, nFileSizeLow=0x13504, dwReserved0=0x0, dwReserved1=0x6, cFileName="47zjJ2- 7F.ppt", cAlternateFileName="47ZJJ2~1.PPT")) returned 1 [0035.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0b08 [0035.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6ea7f8 [0035.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b08 | out: hHeap=0x6d0000) returned 1 [0035.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\47zjJ2- 7F.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\sv4gwbq oe75gc\\47zjj2- 7f.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.623] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13504, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x13504, lpOverlapped=0x0) returned 1 [0035.624] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.624] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13504, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x13504, lpOverlapped=0x0) returned 1 [0035.625] CloseHandle (hObject=0x44) returned 1 [0035.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0b08 [0035.625] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\47zjJ2- 7F.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\sv4gwbq oe75gc\\47zjj2- 7f.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\47zjJ2- 7F.ppt.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\sv4gwbq oe75gc\\47zjj2- 7f.ppt.adv")) returned 1 [0035.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b08 | out: hHeap=0x6d0000) returned 1 [0035.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0035.626] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa1e2d0, ftCreationTime.dwHighDateTime=0x1d5bae7, ftLastAccessTime.dwLowDateTime=0x8ddaa830, ftLastAccessTime.dwHighDateTime=0x1d5b866, ftLastWriteTime.dwLowDateTime=0x8ddaa830, ftLastWriteTime.dwHighDateTime=0x1d5b866, nFileSizeHigh=0x0, nFileSizeLow=0x594c, dwReserved0=0x0, dwReserved1=0x6, cFileName="mBvnyNby_skMvVufS5.docx", cAlternateFileName="MBVNYN~1.DOC")) returned 1 [0035.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0b08 [0035.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6ea7f8 [0035.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b08 | out: hHeap=0x6d0000) returned 1 [0035.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\mBvnyNby_skMvVufS5.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\sv4gwbq oe75gc\\mbvnynby_skmvvufs5.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.626] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x594c, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x594c, lpOverlapped=0x0) returned 1 [0035.627] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.627] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x594c, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x594c, lpOverlapped=0x0) returned 1 [0035.627] CloseHandle (hObject=0x44) returned 1 [0035.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0b08 [0035.627] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\mBvnyNby_skMvVufS5.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\sv4gwbq oe75gc\\mbvnynby_skmvvufs5.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\mBvnyNby_skMvVufS5.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\sv4gwbq oe75gc\\mbvnynby_skmvvufs5.docx.adv")) returned 1 [0035.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b08 | out: hHeap=0x6d0000) returned 1 [0035.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0035.630] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81ad3ca0, ftCreationTime.dwHighDateTime=0x1d5bc74, ftLastAccessTime.dwLowDateTime=0x8e4df340, ftLastAccessTime.dwHighDateTime=0x1d5c2b5, ftLastWriteTime.dwLowDateTime=0x8e4df340, ftLastWriteTime.dwHighDateTime=0x1d5c2b5, nFileSizeHigh=0x0, nFileSizeLow=0xd077, dwReserved0=0x0, dwReserved1=0x6, cFileName="YGD aiTfEEVHc9.csv", cAlternateFileName="YGDAIT~1.CSV")) returned 1 [0035.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0b08 [0035.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6ea7f8 [0035.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b08 | out: hHeap=0x6d0000) returned 1 [0035.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\YGD aiTfEEVHc9.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\sv4gwbq oe75gc\\ygd aitfeevhc9.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.630] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd077, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xd077, lpOverlapped=0x0) returned 1 [0035.631] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.631] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd077, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xd077, lpOverlapped=0x0) returned 1 [0035.631] CloseHandle (hObject=0x44) returned 1 [0035.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0b08 [0035.631] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\YGD aiTfEEVHc9.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\sv4gwbq oe75gc\\ygd aitfeevhc9.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\SV4GwBq oE75gC\\YGD aiTfEEVHc9.csv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\sv4gwbq oe75gc\\ygd aitfeevhc9.csv.adv")) returned 1 [0035.632] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b08 | out: hHeap=0x6d0000) returned 1 [0035.632] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0035.632] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81ad3ca0, ftCreationTime.dwHighDateTime=0x1d5bc74, ftLastAccessTime.dwLowDateTime=0x8e4df340, ftLastAccessTime.dwHighDateTime=0x1d5c2b5, ftLastWriteTime.dwLowDateTime=0x8e4df340, ftLastWriteTime.dwHighDateTime=0x1d5c2b5, nFileSizeHigh=0x0, nFileSizeLow=0xd077, dwReserved0=0x0, dwReserved1=0x6, cFileName="YGD aiTfEEVHc9.csv", cAlternateFileName="YGDAIT~1.CSV")) returned 0 [0035.632] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0035.632] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a70 | out: hHeap=0x6d0000) returned 1 [0035.632] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09c0 | out: hHeap=0x6d0000) returned 1 [0035.632] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cf3bbb0, ftCreationTime.dwHighDateTime=0x1d5bcdb, ftLastAccessTime.dwLowDateTime=0x5795510, ftLastAccessTime.dwHighDateTime=0x1d5c4da, ftLastWriteTime.dwLowDateTime=0x5795510, ftLastWriteTime.dwHighDateTime=0x1d5c4da, nFileSizeHigh=0x0, nFileSizeLow=0x14737, dwReserved0=0x1d5c4b8, dwReserved1=0xc8727ff0, cFileName="ZVeYS.csv", cAlternateFileName="")) returned 1 [0035.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6f0948 [0035.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f09c0 [0035.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\ZVeYS.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\zveys.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.633] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14737, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x14737, lpOverlapped=0x0) returned 1 [0035.634] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.634] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14737, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x14737, lpOverlapped=0x0) returned 1 [0035.634] CloseHandle (hObject=0x40) returned 1 [0035.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a70 [0035.635] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\ZVeYS.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\zveys.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\bSDa3p\\ZVeYS.csv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\bsda3p\\zveys.csv.adv")) returned 1 [0035.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a70 | out: hHeap=0x6d0000) returned 1 [0035.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09c0 | out: hHeap=0x6d0000) returned 1 [0035.637] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cf3bbb0, ftCreationTime.dwHighDateTime=0x1d5bcdb, ftLastAccessTime.dwLowDateTime=0x5795510, ftLastAccessTime.dwHighDateTime=0x1d5c4da, ftLastWriteTime.dwLowDateTime=0x5795510, ftLastWriteTime.dwHighDateTime=0x1d5c4da, nFileSizeHigh=0x0, nFileSizeLow=0x14737, dwReserved0=0x1d5c4b8, dwReserved1=0xc8727ff0, cFileName="ZVeYS.csv", cAlternateFileName="")) returned 0 [0035.638] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0035.638] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.638] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.638] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82f918a0, ftCreationTime.dwHighDateTime=0x1d5c33a, ftLastAccessTime.dwLowDateTime=0x4a6bb580, ftLastAccessTime.dwHighDateTime=0x1d5c0a4, ftLastWriteTime.dwLowDateTime=0x4a6bb580, ftLastWriteTime.dwHighDateTime=0x1d5c0a4, nFileSizeHigh=0x0, nFileSizeLow=0x6a89, dwReserved0=0x0, dwReserved1=0x3b, cFileName="DcbX75d63p.pps", cAlternateFileName="DCBX75~1.PPS")) returned 1 [0035.638] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.638] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0035.638] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\DcbX75d63p.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\dcbx75d63p.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.638] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6a89, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x6a89, lpOverlapped=0x0) returned 1 [0035.639] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.639] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6a89, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x6a89, lpOverlapped=0x0) returned 1 [0035.639] CloseHandle (hObject=0x3c) returned 1 [0035.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.639] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\DcbX75d63p.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\dcbx75d63p.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\DcbX75d63p.pps.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\dcbx75d63p.pps.adv")) returned 1 [0035.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.640] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb88e81d0, ftCreationTime.dwHighDateTime=0x1d5b6c4, ftLastAccessTime.dwLowDateTime=0x27861850, ftLastAccessTime.dwHighDateTime=0x1d5b76f, ftLastWriteTime.dwLowDateTime=0x27861850, ftLastWriteTime.dwHighDateTime=0x1d5b76f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3b, cFileName="l Wcxjfs2MNdTFS7NC", cAlternateFileName="LWCXJF~1")) returned 1 [0035.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0035.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0035.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.640] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb88e81d0, ftCreationTime.dwHighDateTime=0x1d5b6c4, ftLastAccessTime.dwLowDateTime=0x27861850, ftLastAccessTime.dwHighDateTime=0x1d5b76f, ftLastWriteTime.dwLowDateTime=0x27861850, ftLastWriteTime.dwHighDateTime=0x1d5b76f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0035.640] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb88e81d0, ftCreationTime.dwHighDateTime=0x1d5b6c4, ftLastAccessTime.dwLowDateTime=0x27861850, ftLastAccessTime.dwHighDateTime=0x1d5b76f, ftLastWriteTime.dwLowDateTime=0x27861850, ftLastWriteTime.dwHighDateTime=0x1d5b76f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="..", cAlternateFileName="")) returned 1 [0035.641] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xccae0500, ftCreationTime.dwHighDateTime=0x1d5c3f8, ftLastAccessTime.dwLowDateTime=0x86d9f320, ftLastAccessTime.dwHighDateTime=0x1d5c5e9, ftLastWriteTime.dwLowDateTime=0x86d9f320, ftLastWriteTime.dwHighDateTime=0x1d5c5e9, nFileSizeHigh=0x0, nFileSizeLow=0x6e4a, dwReserved0=0x0, dwReserved1=0x40, cFileName="5jO0thk.pps", cAlternateFileName="")) returned 1 [0035.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0a10 [0035.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\5jO0thk.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\5jo0thk.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.641] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6e4a, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x6e4a, lpOverlapped=0x0) returned 1 [0035.642] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.642] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6e4a, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x6e4a, lpOverlapped=0x0) returned 1 [0035.642] CloseHandle (hObject=0x40) returned 1 [0035.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ad8 [0035.642] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\5jO0thk.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\5jo0thk.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\5jO0thk.pps.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\5jo0thk.pps.adv")) returned 1 [0035.643] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0035.643] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0035.643] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2845b290, ftCreationTime.dwHighDateTime=0x1d5bd74, ftLastAccessTime.dwLowDateTime=0x3298bec0, ftLastAccessTime.dwHighDateTime=0x1d5b9e8, ftLastWriteTime.dwLowDateTime=0x3298bec0, ftLastWriteTime.dwHighDateTime=0x1d5b9e8, nFileSizeHigh=0x0, nFileSizeLow=0x11abf, dwReserved0=0x0, dwReserved1=0x40, cFileName="cQ_2Rzr.docx", cAlternateFileName="CQ_2RZ~1.DOC")) returned 1 [0035.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0a10 [0035.643] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\cQ_2Rzr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\cq_2rzr.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.643] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11abf, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x11abf, lpOverlapped=0x0) returned 1 [0035.645] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.645] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11abf, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x11abf, lpOverlapped=0x0) returned 1 [0035.645] CloseHandle (hObject=0x40) returned 1 [0035.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ad8 [0035.645] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\cQ_2Rzr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\cq_2rzr.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\cQ_2Rzr.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\cq_2rzr.docx.adv")) returned 1 [0035.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0035.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0035.646] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc590150, ftCreationTime.dwHighDateTime=0x1d5be6d, ftLastAccessTime.dwLowDateTime=0xdcc598e0, ftLastAccessTime.dwHighDateTime=0x1d5bdc2, ftLastWriteTime.dwLowDateTime=0xdcc598e0, ftLastWriteTime.dwHighDateTime=0x1d5bdc2, nFileSizeHigh=0x0, nFileSizeLow=0x13c1f, dwReserved0=0x0, dwReserved1=0x40, cFileName="ghwBu.pps", cAlternateFileName="")) returned 1 [0035.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0a10 [0035.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\ghwBu.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\ghwbu.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.646] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13c1f, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x13c1f, lpOverlapped=0x0) returned 1 [0035.647] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.648] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13c1f, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x13c1f, lpOverlapped=0x0) returned 1 [0035.648] CloseHandle (hObject=0x40) returned 1 [0035.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ad8 [0035.648] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\ghwBu.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\ghwbu.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\ghwBu.pps.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\ghwbu.pps.adv")) returned 1 [0035.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0035.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0035.649] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38b99010, ftCreationTime.dwHighDateTime=0x1d5b766, ftLastAccessTime.dwLowDateTime=0x1db02cd0, ftLastAccessTime.dwHighDateTime=0x1d5b594, ftLastWriteTime.dwLowDateTime=0x1db02cd0, ftLastWriteTime.dwHighDateTime=0x1d5b594, nFileSizeHigh=0x0, nFileSizeLow=0x12bf0, dwReserved0=0x0, dwReserved1=0x40, cFileName="k3b6sKlJTZ_X_gu59.ods", cAlternateFileName="K3B6SK~1.ODS")) returned 1 [0035.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0a10 [0035.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\k3b6sKlJTZ_X_gu59.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\k3b6skljtz_x_gu59.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.650] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12bf0, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x12bf0, lpOverlapped=0x0) returned 1 [0035.651] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.651] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12bf0, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x12bf0, lpOverlapped=0x0) returned 1 [0035.651] CloseHandle (hObject=0x40) returned 1 [0035.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0ad8 [0035.651] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\k3b6sKlJTZ_X_gu59.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\k3b6skljtz_x_gu59.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\k3b6sKlJTZ_X_gu59.ods.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\k3b6skljtz_x_gu59.ods.adv")) returned 1 [0035.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0035.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0035.652] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d0e0490, ftCreationTime.dwHighDateTime=0x1d5bf2b, ftLastAccessTime.dwLowDateTime=0x908b6ff0, ftLastAccessTime.dwHighDateTime=0x1d5b5ab, ftLastWriteTime.dwLowDateTime=0x908b6ff0, ftLastWriteTime.dwHighDateTime=0x1d5b5ab, nFileSizeHigh=0x0, nFileSizeLow=0x16b2f, dwReserved0=0x0, dwReserved1=0x40, cFileName="rfA7yLhjzhVw2Cg1RM.csv", cAlternateFileName="RFA7YL~1.CSV")) returned 1 [0035.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0a10 [0035.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\rfA7yLhjzhVw2Cg1RM.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\rfa7ylhjzhvw2cg1rm.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.653] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16b2f, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x16b2f, lpOverlapped=0x0) returned 1 [0035.654] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.654] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16b2f, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x16b2f, lpOverlapped=0x0) returned 1 [0035.654] CloseHandle (hObject=0x40) returned 1 [0035.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0ad8 [0035.658] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\rfA7yLhjzhVw2Cg1RM.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\rfa7ylhjzhvw2cg1rm.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\rfA7yLhjzhVw2Cg1RM.csv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\rfa7ylhjzhvw2cg1rm.csv.adv")) returned 1 [0035.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0035.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0035.658] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f814730, ftCreationTime.dwHighDateTime=0x1d5bcbc, ftLastAccessTime.dwLowDateTime=0x2f680a90, ftLastAccessTime.dwHighDateTime=0x1d5bb90, ftLastWriteTime.dwLowDateTime=0x2f680a90, ftLastWriteTime.dwHighDateTime=0x1d5bb90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="xPvqgBo7j3izw", cAlternateFileName="XPVQGB~1")) returned 1 [0035.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0a10 [0035.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ad8 [0035.659] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f814730, ftCreationTime.dwHighDateTime=0x1d5bcbc, ftLastAccessTime.dwLowDateTime=0x2f680a90, ftLastAccessTime.dwHighDateTime=0x1d5bb90, ftLastWriteTime.dwLowDateTime=0x2f680a90, ftLastWriteTime.dwHighDateTime=0x1d5bb90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x5fc, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0035.659] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f814730, ftCreationTime.dwHighDateTime=0x1d5bcbc, ftLastAccessTime.dwLowDateTime=0x2f680a90, ftLastAccessTime.dwHighDateTime=0x1d5bb90, ftLastWriteTime.dwLowDateTime=0x2f680a90, ftLastWriteTime.dwHighDateTime=0x1d5bb90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x5fc, cFileName="..", cAlternateFileName="")) returned 1 [0035.659] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81ac4180, ftCreationTime.dwHighDateTime=0x1d5ba1f, ftLastAccessTime.dwLowDateTime=0xfbbec2b0, ftLastAccessTime.dwHighDateTime=0x1d5c0ee, ftLastWriteTime.dwLowDateTime=0xfbbec2b0, ftLastWriteTime.dwHighDateTime=0x1d5c0ee, nFileSizeHigh=0x0, nFileSizeLow=0x129b2, dwReserved0=0x0, dwReserved1=0x5fc, cFileName="2TMIclV3ChpQqf6aBK N.xlsx", cAlternateFileName="2TMICL~1.XLS")) returned 1 [0035.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6ea7f8 [0035.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6ea8a0 [0035.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0035.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\2TMIclV3ChpQqf6aBK N.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\2tmiclv3chpqqf6abk n.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.659] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x129b2, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x129b2, lpOverlapped=0x0) returned 1 [0035.660] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.660] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x129b2, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x129b2, lpOverlapped=0x0) returned 1 [0035.661] CloseHandle (hObject=0x44) returned 1 [0035.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6ea998 [0035.661] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\2TMIclV3ChpQqf6aBK N.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\2tmiclv3chpqqf6abk n.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\2TMIclV3ChpQqf6aBK N.xlsx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\2tmiclv3chpqqf6abk n.xlsx.adv")) returned 1 [0035.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea998 | out: hHeap=0x6d0000) returned 1 [0035.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea8a0 | out: hHeap=0x6d0000) returned 1 [0035.662] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x511899a0, ftCreationTime.dwHighDateTime=0x1d5c506, ftLastAccessTime.dwLowDateTime=0x91662ad0, ftLastAccessTime.dwHighDateTime=0x1d5bad5, ftLastWriteTime.dwLowDateTime=0x91662ad0, ftLastWriteTime.dwHighDateTime=0x1d5bad5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x5fc, cFileName="byYnvg0qRC6EmKjMZ", cAlternateFileName="BYYNVG~1")) returned 1 [0035.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6ea7f8 [0035.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6ea8a0 [0035.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0035.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ea998 [0035.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6eaa60 [0035.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea998 | out: hHeap=0x6d0000) returned 1 [0035.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x511899a0, ftCreationTime.dwHighDateTime=0x1d5c506, ftLastAccessTime.dwLowDateTime=0x91662ad0, ftLastAccessTime.dwHighDateTime=0x1d5bad5, ftLastWriteTime.dwLowDateTime=0x91662ad0, ftLastWriteTime.dwHighDateTime=0x1d5bad5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x5a7, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0035.662] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x511899a0, ftCreationTime.dwHighDateTime=0x1d5c506, ftLastAccessTime.dwLowDateTime=0x91662ad0, ftLastAccessTime.dwHighDateTime=0x1d5bad5, ftLastWriteTime.dwLowDateTime=0x91662ad0, ftLastWriteTime.dwHighDateTime=0x1d5bad5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x5a7, cFileName="..", cAlternateFileName="")) returned 1 [0035.662] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22703270, ftCreationTime.dwHighDateTime=0x1d5bf43, ftLastAccessTime.dwLowDateTime=0x64aba240, ftLastAccessTime.dwHighDateTime=0x1d5b6c5, ftLastWriteTime.dwLowDateTime=0x64aba240, ftLastWriteTime.dwHighDateTime=0x1d5b6c5, nFileSizeHigh=0x0, nFileSizeLow=0x12f92, dwReserved0=0x0, dwReserved1=0x5a7, cFileName="322JD.pptx", cAlternateFileName="322JD~1.PPT")) returned 1 [0035.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ea998 [0035.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6eab88 [0035.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea998 | out: hHeap=0x6d0000) returned 1 [0035.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\322JD.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\322jd.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0035.662] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12f92, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x12f92, lpOverlapped=0x0) returned 1 [0035.663] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.664] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12f92, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x12f92, lpOverlapped=0x0) returned 1 [0035.666] CloseHandle (hObject=0x48) returned 1 [0035.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6eacb0 [0035.666] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\322JD.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\322jd.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\322JD.pptx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\322jd.pptx.adv")) returned 1 [0035.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eacb0 | out: hHeap=0x6d0000) returned 1 [0035.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eab88 | out: hHeap=0x6d0000) returned 1 [0035.667] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf232aab0, ftCreationTime.dwHighDateTime=0x1d5bc50, ftLastAccessTime.dwLowDateTime=0xef51d5c0, ftLastAccessTime.dwHighDateTime=0x1d5b8ca, ftLastWriteTime.dwLowDateTime=0xef51d5c0, ftLastWriteTime.dwHighDateTime=0x1d5b8ca, nFileSizeHigh=0x0, nFileSizeLow=0x110f6, dwReserved0=0x0, dwReserved1=0x5a7, cFileName="cx40w93hccJ.docx", cAlternateFileName="CX40W9~1.DOC")) returned 1 [0035.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea998 | out: hHeap=0x6d0000) returned 1 [0035.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\cx40w93hccJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\cx40w93hccj.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0035.668] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x110f6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x110f6, lpOverlapped=0x0) returned 1 [0035.669] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.669] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x110f6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x110f6, lpOverlapped=0x0) returned 1 [0035.669] CloseHandle (hObject=0x48) returned 1 [0035.669] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\cx40w93hccJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\cx40w93hccj.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\cx40w93hccJ.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\cx40w93hccj.docx.adv")) returned 1 [0035.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eacb0 | out: hHeap=0x6d0000) returned 1 [0035.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eab88 | out: hHeap=0x6d0000) returned 1 [0035.670] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d01d50, ftCreationTime.dwHighDateTime=0x1d5c409, ftLastAccessTime.dwLowDateTime=0x3e5a45a0, ftLastAccessTime.dwHighDateTime=0x1d5b739, ftLastWriteTime.dwLowDateTime=0x3e5a45a0, ftLastWriteTime.dwHighDateTime=0x1d5b739, nFileSizeHigh=0x0, nFileSizeLow=0x1430d, dwReserved0=0x0, dwReserved1=0x5a7, cFileName="iFoJbq.ods", cAlternateFileName="")) returned 1 [0035.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ea998 [0035.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6eab88 [0035.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea998 | out: hHeap=0x6d0000) returned 1 [0035.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\iFoJbq.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\ifojbq.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0035.671] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1430d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1430d, lpOverlapped=0x0) returned 1 [0035.672] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.672] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1430d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1430d, lpOverlapped=0x0) returned 1 [0035.672] CloseHandle (hObject=0x48) returned 1 [0035.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6eacb0 [0035.672] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\iFoJbq.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\ifojbq.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\iFoJbq.ods.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\ifojbq.ods.adv")) returned 1 [0035.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eacb0 | out: hHeap=0x6d0000) returned 1 [0035.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eab88 | out: hHeap=0x6d0000) returned 1 [0035.673] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x742688a0, ftCreationTime.dwHighDateTime=0x1d5bdcf, ftLastAccessTime.dwLowDateTime=0xdba000d0, ftLastAccessTime.dwHighDateTime=0x1d5c566, ftLastWriteTime.dwLowDateTime=0xdba000d0, ftLastWriteTime.dwHighDateTime=0x1d5c566, nFileSizeHigh=0x0, nFileSizeLow=0x169c3, dwReserved0=0x0, dwReserved1=0x5a7, cFileName="Iy6er.doc", cAlternateFileName="")) returned 1 [0035.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ea998 [0035.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6eab88 [0035.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea998 | out: hHeap=0x6d0000) returned 1 [0035.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\Iy6er.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\iy6er.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0035.673] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x169c3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x169c3, lpOverlapped=0x0) returned 1 [0035.675] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.675] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x169c3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x169c3, lpOverlapped=0x0) returned 1 [0035.675] CloseHandle (hObject=0x48) returned 1 [0035.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6eacb0 [0035.675] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\Iy6er.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\iy6er.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\Iy6er.doc.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\iy6er.doc.adv")) returned 1 [0035.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eacb0 | out: hHeap=0x6d0000) returned 1 [0035.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eab88 | out: hHeap=0x6d0000) returned 1 [0035.676] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9dcba70, ftCreationTime.dwHighDateTime=0x1d5bc6f, ftLastAccessTime.dwLowDateTime=0x9690c790, ftLastAccessTime.dwHighDateTime=0x1d5bfee, ftLastWriteTime.dwLowDateTime=0x9690c790, ftLastWriteTime.dwHighDateTime=0x1d5bfee, nFileSizeHigh=0x0, nFileSizeLow=0x208d, dwReserved0=0x0, dwReserved1=0x5a7, cFileName="Q3z_epu.docx", cAlternateFileName="Q3Z_EP~1.DOC")) returned 1 [0035.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ea998 [0035.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6eab88 [0035.676] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea998 | out: hHeap=0x6d0000) returned 1 [0035.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\Q3z_epu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\q3z_epu.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0035.677] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x208d, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x208d, lpOverlapped=0x0) returned 1 [0035.677] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.678] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x208d, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x208d, lpOverlapped=0x0) returned 1 [0035.678] CloseHandle (hObject=0x48) returned 1 [0035.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6eacb0 [0035.679] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\Q3z_epu.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\q3z_epu.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\byYnvg0qRC6EmKjMZ\\Q3z_epu.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\byynvg0qrc6emkjmz\\q3z_epu.docx.adv")) returned 1 [0035.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eacb0 | out: hHeap=0x6d0000) returned 1 [0035.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eab88 | out: hHeap=0x6d0000) returned 1 [0035.680] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9dcba70, ftCreationTime.dwHighDateTime=0x1d5bc6f, ftLastAccessTime.dwLowDateTime=0x9690c790, ftLastAccessTime.dwHighDateTime=0x1d5bfee, ftLastWriteTime.dwLowDateTime=0x9690c790, ftLastWriteTime.dwHighDateTime=0x1d5bfee, nFileSizeHigh=0x0, nFileSizeLow=0x208d, dwReserved0=0x0, dwReserved1=0x5a7, cFileName="Q3z_epu.docx", cAlternateFileName="Q3Z_EP~1.DOC")) returned 0 [0035.680] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0035.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eaa60 | out: hHeap=0x6d0000) returned 1 [0035.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea8a0 | out: hHeap=0x6d0000) returned 1 [0035.680] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64f6a590, ftCreationTime.dwHighDateTime=0x1d5ba55, ftLastAccessTime.dwLowDateTime=0x7547a3a0, ftLastAccessTime.dwHighDateTime=0x1d5c3af, ftLastWriteTime.dwLowDateTime=0x7547a3a0, ftLastWriteTime.dwHighDateTime=0x1d5c3af, nFileSizeHigh=0x0, nFileSizeLow=0x81e7, dwReserved0=0x0, dwReserved1=0x5fc, cFileName="hfLs9h.docx", cAlternateFileName="HFLS9H~1.DOC")) returned 1 [0035.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6ea7f8 [0035.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6ea8a0 [0035.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0035.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\hfLs9h.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\hfls9h.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.681] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x81e7, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x81e7, lpOverlapped=0x0) returned 1 [0035.682] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.682] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x81e7, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x81e7, lpOverlapped=0x0) returned 1 [0035.682] CloseHandle (hObject=0x44) returned 1 [0035.682] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ea998 [0035.682] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\hfLs9h.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\hfls9h.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\l Wcxjfs2MNdTFS7NC\\xPvqgBo7j3izw\\hfLs9h.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\l wcxjfs2mndtfs7nc\\xpvqgbo7j3izw\\hfls9h.docx.adv")) returned 1 [0035.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea998 | out: hHeap=0x6d0000) returned 1 [0035.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea8a0 | out: hHeap=0x6d0000) returned 1 [0035.683] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64f6a590, ftCreationTime.dwHighDateTime=0x1d5ba55, ftLastAccessTime.dwLowDateTime=0x7547a3a0, ftLastAccessTime.dwHighDateTime=0x1d5c3af, ftLastWriteTime.dwLowDateTime=0x7547a3a0, ftLastWriteTime.dwHighDateTime=0x1d5c3af, nFileSizeHigh=0x0, nFileSizeLow=0x81e7, dwReserved0=0x0, dwReserved1=0x5fc, cFileName="hfLs9h.docx", cAlternateFileName="HFLS9H~1.DOC")) returned 0 [0035.683] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0035.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0035.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0035.683] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f814730, ftCreationTime.dwHighDateTime=0x1d5bcbc, ftLastAccessTime.dwLowDateTime=0x2f680a90, ftLastAccessTime.dwHighDateTime=0x1d5bb90, ftLastWriteTime.dwLowDateTime=0x2f680a90, ftLastWriteTime.dwHighDateTime=0x1d5bb90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="xPvqgBo7j3izw", cAlternateFileName="XPVQGB~1")) returned 0 [0035.683] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0035.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.683] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48438280, ftCreationTime.dwHighDateTime=0x1d5b6d9, ftLastAccessTime.dwLowDateTime=0xd8addb30, ftLastAccessTime.dwHighDateTime=0x1d5c56c, ftLastWriteTime.dwLowDateTime=0xd8addb30, ftLastWriteTime.dwHighDateTime=0x1d5c56c, nFileSizeHigh=0x0, nFileSizeLow=0x7bcc, dwReserved0=0x0, dwReserved1=0x3b, cFileName="R7FP.docx", cAlternateFileName="R7FP~1.DOC")) returned 1 [0035.683] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.683] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0035.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\R7FP.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\r7fp.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.684] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7bcc, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x7bcc, lpOverlapped=0x0) returned 1 [0035.685] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.685] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7bcc, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x7bcc, lpOverlapped=0x0) returned 1 [0035.685] CloseHandle (hObject=0x3c) returned 1 [0035.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.685] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\R7FP.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\r7fp.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\R7FP.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\r7fp.docx.adv")) returned 1 [0035.686] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.686] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.686] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ecfe970, ftCreationTime.dwHighDateTime=0x1d5b7e4, ftLastAccessTime.dwLowDateTime=0x9dca16d0, ftLastAccessTime.dwHighDateTime=0x1d5b9d4, ftLastWriteTime.dwLowDateTime=0x9dca16d0, ftLastWriteTime.dwHighDateTime=0x1d5b9d4, nFileSizeHigh=0x0, nFileSizeLow=0xd081, dwReserved0=0x0, dwReserved1=0x3b, cFileName="srInWKB.csv", cAlternateFileName="")) returned 1 [0035.686] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.686] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0035.686] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\srInWKB.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\srinwkb.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.686] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd081, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xd081, lpOverlapped=0x0) returned 1 [0035.687] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.687] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd081, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xd081, lpOverlapped=0x0) returned 1 [0035.688] CloseHandle (hObject=0x3c) returned 1 [0035.688] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.688] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\srInWKB.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\srinwkb.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\srInWKB.csv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\srinwkb.csv.adv")) returned 1 [0035.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.689] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcdbe4720, ftCreationTime.dwHighDateTime=0x1d5c5a6, ftLastAccessTime.dwLowDateTime=0xc9350540, ftLastAccessTime.dwHighDateTime=0x1d5c213, ftLastWriteTime.dwLowDateTime=0xc9350540, ftLastWriteTime.dwHighDateTime=0x1d5c213, nFileSizeHigh=0x0, nFileSizeLow=0xa746, dwReserved0=0x0, dwReserved1=0x3b, cFileName="st3J1Znucp.odp", cAlternateFileName="ST3J1Z~1.ODP")) returned 1 [0035.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0035.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\st3J1Znucp.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\st3j1znucp.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.689] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa746, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xa746, lpOverlapped=0x0) returned 1 [0035.690] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.690] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa746, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xa746, lpOverlapped=0x0) returned 1 [0035.690] CloseHandle (hObject=0x3c) returned 1 [0035.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.690] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\st3J1Znucp.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\st3j1znucp.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\st3J1Znucp.odp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\st3j1znucp.odp.adv")) returned 1 [0035.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.691] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x413b3db0, ftCreationTime.dwHighDateTime=0x1d5bc98, ftLastAccessTime.dwLowDateTime=0x10c26d60, ftLastAccessTime.dwHighDateTime=0x1d5bbe5, ftLastWriteTime.dwLowDateTime=0x10c26d60, ftLastWriteTime.dwHighDateTime=0x1d5bbe5, nFileSizeHigh=0x0, nFileSizeLow=0x6ca0, dwReserved0=0x0, dwReserved1=0x3b, cFileName="tl87heps.docx", cAlternateFileName="TL87HE~1.DOC")) returned 1 [0035.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0035.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\tl87heps.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\tl87heps.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.692] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6ca0, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x6ca0, lpOverlapped=0x0) returned 1 [0035.693] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.693] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6ca0, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x6ca0, lpOverlapped=0x0) returned 1 [0035.693] CloseHandle (hObject=0x3c) returned 1 [0035.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.693] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\tl87heps.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\tl87heps.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\tl87heps.docx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\tl87heps.docx.adv")) returned 1 [0035.694] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.694] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.694] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41714f90, ftCreationTime.dwHighDateTime=0x1d5bc9d, ftLastAccessTime.dwLowDateTime=0x1fa9fcb0, ftLastAccessTime.dwHighDateTime=0x1d5c5c9, ftLastWriteTime.dwLowDateTime=0x1fa9fcb0, ftLastWriteTime.dwHighDateTime=0x1d5c5c9, nFileSizeHigh=0x0, nFileSizeLow=0x12112, dwReserved0=0x0, dwReserved1=0x3b, cFileName="x4TGvDIq3vFwDMeTvjCK.pdf", cAlternateFileName="X4TGVD~1.PDF")) returned 1 [0035.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.694] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\x4TGvDIq3vFwDMeTvjCK.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\x4tgvdiq3vfwdmetvjck.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.694] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12112, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x12112, lpOverlapped=0x0) returned 1 [0035.695] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.695] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12112, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x12112, lpOverlapped=0x0) returned 1 [0035.696] CloseHandle (hObject=0x3c) returned 1 [0035.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0948 [0035.696] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\x4TGvDIq3vFwDMeTvjCK.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\x4tgvdiq3vfwdmetvjck.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\x4TGvDIq3vFwDMeTvjCK.pdf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\x4tgvdiq3vfwdmetvjck.pdf.adv")) returned 1 [0035.697] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.697] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.697] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd09bd2b0, ftCreationTime.dwHighDateTime=0x1d5bc31, ftLastAccessTime.dwLowDateTime=0x51355160, ftLastAccessTime.dwHighDateTime=0x1d5c23d, ftLastWriteTime.dwLowDateTime=0x51355160, ftLastWriteTime.dwHighDateTime=0x1d5c23d, nFileSizeHigh=0x0, nFileSizeLow=0x1a3f, dwReserved0=0x0, dwReserved1=0x3b, cFileName="xycWiew0u7O5sZe7pd.ots", cAlternateFileName="XYCWIE~1.OTS")) returned 1 [0035.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.697] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\xycWiew0u7O5sZe7pd.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\xycwiew0u7o5sze7pd.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.697] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a3f, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1a3f, lpOverlapped=0x0) returned 1 [0035.698] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.698] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a3f, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1a3f, lpOverlapped=0x0) returned 1 [0035.698] CloseHandle (hObject=0x3c) returned 1 [0035.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0035.698] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\xycWiew0u7O5sZe7pd.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\xycwiew0u7o5sze7pd.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\xycWiew0u7O5sZe7pd.ots.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\xycwiew0u7o5sze7pd.ots.adv")) returned 1 [0035.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.699] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81788680, ftCreationTime.dwHighDateTime=0x1d5bf31, ftLastAccessTime.dwLowDateTime=0x8948d550, ftLastAccessTime.dwHighDateTime=0x1d5c4ee, ftLastWriteTime.dwLowDateTime=0x8948d550, ftLastWriteTime.dwHighDateTime=0x1d5c4ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3b, cFileName="yU92oIgqLmdwalnxc0Eo", cAlternateFileName="YU92OI~1")) returned 1 [0035.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0035.699] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\yU92oIgqLmdwalnxc0Eo\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81788680, ftCreationTime.dwHighDateTime=0x1d5bf31, ftLastAccessTime.dwLowDateTime=0x8948d550, ftLastAccessTime.dwHighDateTime=0x1d5c4ee, ftLastWriteTime.dwLowDateTime=0x8948d550, ftLastWriteTime.dwHighDateTime=0x1d5c4ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2b, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0035.700] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81788680, ftCreationTime.dwHighDateTime=0x1d5bf31, ftLastAccessTime.dwLowDateTime=0x8948d550, ftLastAccessTime.dwHighDateTime=0x1d5c4ee, ftLastWriteTime.dwLowDateTime=0x8948d550, ftLastWriteTime.dwHighDateTime=0x1d5c4ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2b, cFileName="..", cAlternateFileName="")) returned 1 [0035.700] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45b44530, ftCreationTime.dwHighDateTime=0x1d5c026, ftLastAccessTime.dwLowDateTime=0xb20fbc00, ftLastAccessTime.dwHighDateTime=0x1d5bdba, ftLastWriteTime.dwLowDateTime=0xb20fbc00, ftLastWriteTime.dwHighDateTime=0x1d5bdba, nFileSizeHigh=0x0, nFileSizeLow=0x8452, dwReserved0=0x0, dwReserved1=0x2b, cFileName="FHSxYGZAJTvUMW.pdf", cAlternateFileName="FHSXYG~1.PDF")) returned 1 [0035.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09e0 [0035.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a78 [0035.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0035.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\yU92oIgqLmdwalnxc0Eo\\FHSxYGZAJTvUMW.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\yu92oigqlmdwalnxc0eo\\fhsxygzajtvumw.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.700] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8452, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x8452, lpOverlapped=0x0) returned 1 [0035.701] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.701] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8452, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x8452, lpOverlapped=0x0) returned 1 [0035.702] CloseHandle (hObject=0x40) returned 1 [0035.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6ea7f8 [0035.702] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\yU92oIgqLmdwalnxc0Eo\\FHSxYGZAJTvUMW.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\yu92oigqlmdwalnxc0eo\\fhsxygzajtvumw.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vb95\\yU92oIgqLmdwalnxc0Eo\\FHSxYGZAJTvUMW.pdf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vb95\\yu92oigqlmdwalnxc0eo\\fhsxygzajtvumw.pdf.adv")) returned 1 [0035.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea7f8 | out: hHeap=0x6d0000) returned 1 [0035.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0035.703] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45b44530, ftCreationTime.dwHighDateTime=0x1d5c026, ftLastAccessTime.dwLowDateTime=0xb20fbc00, ftLastAccessTime.dwHighDateTime=0x1d5bdba, ftLastWriteTime.dwLowDateTime=0xb20fbc00, ftLastWriteTime.dwHighDateTime=0x1d5bdba, nFileSizeHigh=0x0, nFileSizeLow=0x8452, dwReserved0=0x0, dwReserved1=0x2b, cFileName="FHSxYGZAJTvUMW.pdf", cAlternateFileName="FHSXYG~1.PDF")) returned 0 [0035.703] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0035.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.703] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81788680, ftCreationTime.dwHighDateTime=0x1d5bf31, ftLastAccessTime.dwLowDateTime=0x8948d550, ftLastAccessTime.dwHighDateTime=0x1d5c4ee, ftLastWriteTime.dwLowDateTime=0x8948d550, ftLastWriteTime.dwHighDateTime=0x1d5c4ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3b, cFileName="yU92oIgqLmdwalnxc0Eo", cAlternateFileName="YU92OI~1")) returned 0 [0035.703] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.703] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2b31100, ftCreationTime.dwHighDateTime=0x1d55287, ftLastAccessTime.dwLowDateTime=0x9d0ed150, ftLastAccessTime.dwHighDateTime=0x1d5650a, ftLastWriteTime.dwLowDateTime=0x9d0ed150, ftLastWriteTime.dwHighDateTime=0x1d5650a, nFileSizeHigh=0x0, nFileSizeLow=0x5cc5, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="wbU73g-IM1gj2HLFm.xlsx", cAlternateFileName="WBU73G~1.XLS")) returned 1 [0035.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.703] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.703] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wbU73g-IM1gj2HLFm.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wbu73g-im1gj2hlfm.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.704] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5cc5, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x5cc5, lpOverlapped=0x0) returned 1 [0035.704] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.704] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5cc5, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x5cc5, lpOverlapped=0x0) returned 1 [0035.705] CloseHandle (hObject=0x38) returned 1 [0035.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2048 [0035.705] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wbU73g-IM1gj2HLFm.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wbu73g-im1gj2hlfm.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wbU73g-IM1gj2HLFm.xlsx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wbu73g-im1gj2hlfm.xlsx.adv")) returned 1 [0035.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.706] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a167290, ftCreationTime.dwHighDateTime=0x1d5637b, ftLastAccessTime.dwLowDateTime=0x7818e770, ftLastAccessTime.dwHighDateTime=0x1d5c1bf, ftLastWriteTime.dwLowDateTime=0x7818e770, ftLastWriteTime.dwHighDateTime=0x1d5c1bf, nFileSizeHigh=0x0, nFileSizeLow=0x14471, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="ybHLj6WYBUL0Ygix.xlsx", cAlternateFileName="YBHLJ6~1.XLS")) returned 1 [0035.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ybHLj6WYBUL0Ygix.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ybhlj6wybul0ygix.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.706] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14471, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x14471, lpOverlapped=0x0) returned 1 [0035.707] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.707] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14471, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x14471, lpOverlapped=0x0) returned 1 [0035.708] CloseHandle (hObject=0x38) returned 1 [0035.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2048 [0035.708] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ybHLj6WYBUL0Ygix.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ybhlj6wybul0ygix.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ybHLj6WYBUL0Ygix.xlsx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ybhlj6wybul0ygix.xlsx.adv")) returned 1 [0035.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.709] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb883640, ftCreationTime.dwHighDateTime=0x1d559fe, ftLastAccessTime.dwLowDateTime=0xba43ecb0, ftLastAccessTime.dwHighDateTime=0x1d5597f, ftLastWriteTime.dwLowDateTime=0xba43ecb0, ftLastWriteTime.dwHighDateTime=0x1d5597f, nFileSizeHigh=0x0, nFileSizeLow=0xbdfc, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="yTDYl.xlsx", cAlternateFileName="YTDYL~1.XLS")) returned 1 [0035.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yTDYl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ytdyl.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.709] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbdfc, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xbdfc, lpOverlapped=0x0) returned 1 [0035.710] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.710] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbdfc, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xbdfc, lpOverlapped=0x0) returned 1 [0035.710] CloseHandle (hObject=0x38) returned 1 [0035.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.711] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yTDYl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ytdyl.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yTDYl.xlsx.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ytdyl.xlsx.adv")) returned 1 [0035.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.712] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5c0bff0, ftCreationTime.dwHighDateTime=0x1d5b7f6, ftLastAccessTime.dwLowDateTime=0x5182c060, ftLastAccessTime.dwHighDateTime=0x1d5b650, ftLastWriteTime.dwLowDateTime=0x5182c060, ftLastWriteTime.dwHighDateTime=0x1d5b650, nFileSizeHigh=0x0, nFileSizeLow=0xf87f, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="_6TDL0rLEXCz3rXS.ots", cAlternateFileName="_6TDL0~1.OTS")) returned 1 [0035.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_6TDL0rLEXCz3rXS.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_6tdl0rlexcz3rxs.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.713] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf87f, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xf87f, lpOverlapped=0x0) returned 1 [0035.713] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.714] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf87f, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xf87f, lpOverlapped=0x0) returned 1 [0035.714] CloseHandle (hObject=0x38) returned 1 [0035.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2048 [0035.714] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_6TDL0rLEXCz3rXS.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_6tdl0rlexcz3rxs.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_6TDL0rLEXCz3rXS.ots.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_6tdl0rlexcz3rxs.ots.adv")) returned 1 [0035.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.715] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5c0bff0, ftCreationTime.dwHighDateTime=0x1d5b7f6, ftLastAccessTime.dwLowDateTime=0x5182c060, ftLastAccessTime.dwHighDateTime=0x1d5b650, ftLastWriteTime.dwLowDateTime=0x5182c060, ftLastWriteTime.dwHighDateTime=0x1d5b650, nFileSizeHigh=0x0, nFileSizeLow=0xf87f, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="_6TDL0rLEXCz3rXS.ots", cAlternateFileName="_6TDL0~1.OTS")) returned 0 [0035.715] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0035.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.715] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0035.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f60 [0035.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e1fc8 [0035.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.715] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0035.716] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="..", cAlternateFileName="")) returned 1 [0035.716] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.716] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.716] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0035.717] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.717] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0035.717] CloseHandle (hObject=0x38) returned 1 [0035.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.717] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini.adv")) returned 1 [0035.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.718] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0035.718] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0035.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.718] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0035.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f60 [0035.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e1fc8 [0035.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.719] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0035.719] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="..", cAlternateFileName="")) returned 1 [0035.719] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.719] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x192, lpOverlapped=0x0) returned 1 [0035.720] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.720] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x192, lpOverlapped=0x0) returned 1 [0035.720] CloseHandle (hObject=0x38) returned 1 [0035.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.720] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini.adv")) returned 1 [0035.721] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.721] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.721] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="Links", cAlternateFileName="")) returned 1 [0035.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.721] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.721] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x55, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.721] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x55, cFileName="..", cAlternateFileName="")) returned 1 [0035.721] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x55, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0035.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.722] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x50, lpOverlapped=0x0) returned 1 [0035.723] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.723] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x50, lpOverlapped=0x0) returned 1 [0035.723] CloseHandle (hObject=0x3c) returned 1 [0035.723] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.723] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini.adv")) returned 1 [0035.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.725] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x55, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1 [0035.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.725] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.726] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xec, lpOverlapped=0x0) returned 1 [0035.727] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.727] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xec, lpOverlapped=0x0) returned 1 [0035.727] CloseHandle (hObject=0x3c) returned 1 [0035.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0035.727] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.adv")) returned 1 [0035.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.728] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x55, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0035.728] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20c8 [0035.728] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.728] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.729] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xe2, lpOverlapped=0x0) returned 1 [0035.729] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.729] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xe2, lpOverlapped=0x0) returned 1 [0035.730] CloseHandle (hObject=0x3c) returned 1 [0035.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0035.730] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.adv")) returned 1 [0035.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.731] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x55, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0035.731] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.731] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0035.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.731] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x55, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.733] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x55, cFileName="..", cAlternateFileName="")) returned 1 [0035.733] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0035.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.733] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.734] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.734] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.734] CloseHandle (hObject=0x3c) returned 1 [0035.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0978 [0035.734] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.adv")) returned 1 [0035.735] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.735] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.735] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0035.735] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.735] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.735] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.736] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.737] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.737] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.737] CloseHandle (hObject=0x3c) returned 1 [0035.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0978 [0035.737] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.adv")) returned 1 [0035.738] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.738] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.738] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0035.738] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.738] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.738] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.739] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.740] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.740] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.740] CloseHandle (hObject=0x3c) returned 1 [0035.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0978 [0035.740] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.adv")) returned 1 [0035.741] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.741] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.741] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0035.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.741] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.741] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.743] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.743] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.743] CloseHandle (hObject=0x3c) returned 1 [0035.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0978 [0035.743] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.adv")) returned 1 [0035.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.744] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x55, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0035.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.745] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x86, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x86, lpOverlapped=0x0) returned 1 [0035.746] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.746] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x86, lpOverlapped=0x0) returned 1 [0035.746] CloseHandle (hObject=0x3c) returned 1 [0035.746] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0978 [0035.746] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.adv")) returned 1 [0035.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.747] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x55, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0035.747] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.747] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0035.747] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.747] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.748] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x55, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.749] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x55, cFileName="..", cAlternateFileName="")) returned 1 [0035.749] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0035.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.749] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.750] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.750] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.750] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.751] CloseHandle (hObject=0x3c) returned 1 [0035.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0035.751] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.adv")) returned 1 [0035.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.751] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0035.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.752] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.753] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.753] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.754] CloseHandle (hObject=0x3c) returned 1 [0035.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0960 [0035.754] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.adv")) returned 1 [0035.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.754] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0035.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.756] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.756] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.756] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.757] CloseHandle (hObject=0x3c) returned 1 [0035.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0035.757] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.adv")) returned 1 [0035.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.757] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0035.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.760] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.761] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.761] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.761] CloseHandle (hObject=0x3c) returned 1 [0035.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0035.761] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.adv")) returned 1 [0035.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.762] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0035.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.762] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.762] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.763] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.763] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.763] CloseHandle (hObject=0x3c) returned 1 [0035.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0035.763] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.adv")) returned 1 [0035.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.764] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0035.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.765] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.766] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.766] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.766] CloseHandle (hObject=0x3c) returned 1 [0035.766] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0035.766] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.adv")) returned 1 [0035.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.767] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0035.767] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.767] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0035.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2048 [0035.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e6780 [0035.767] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x55, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.769] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x55, cFileName="..", cAlternateFileName="")) returned 1 [0035.769] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0035.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.770] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.771] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.771] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.771] CloseHandle (hObject=0x3c) returned 1 [0035.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0960 [0035.771] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.adv")) returned 1 [0035.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.772] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0035.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.773] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.774] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.774] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.774] CloseHandle (hObject=0x3c) returned 1 [0035.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0960 [0035.774] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.adv")) returned 1 [0035.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.775] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0035.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6e20c8 [0035.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20c8 | out: hHeap=0x6d0000) returned 1 [0035.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.776] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.777] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.777] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.777] CloseHandle (hObject=0x3c) returned 1 [0035.777] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0960 [0035.777] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.adv")) returned 1 [0035.777] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.778] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0035.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.779] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.780] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.780] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0035.780] CloseHandle (hObject=0x3c) returned 1 [0035.780] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0960 [0035.780] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.adv")) returned 1 [0035.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.781] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x55, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 0 [0035.781] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0035.781] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0035.781] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0035.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.781] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Links", cAlternateFileName="")) returned 1 [0035.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f60 [0035.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.781] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0035.781] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="..", cAlternateFileName="")) returned 1 [0035.781] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fc8 [0035.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6e2020 [0035.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.782] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x244, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x244, lpOverlapped=0x0) returned 1 [0035.783] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.783] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x244, lpOverlapped=0x0) returned 1 [0035.783] CloseHandle (hObject=0x38) returned 1 [0035.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.783] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini.adv")) returned 1 [0035.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0035.784] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0035.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fc8 [0035.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.785] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1e6, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1e6, lpOverlapped=0x0) returned 1 [0035.786] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.786] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1e6, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1e6, lpOverlapped=0x0) returned 1 [0035.786] CloseHandle (hObject=0x38) returned 1 [0035.786] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.786] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk.adv")) returned 1 [0035.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.787] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0035.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed7f8 [0035.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.787] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3a1, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x3a1, lpOverlapped=0x0) returned 1 [0035.789] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.789] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3a1, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x3a1, lpOverlapped=0x0) returned 1 [0035.789] CloseHandle (hObject=0x38) returned 1 [0035.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.789] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk.adv")) returned 1 [0035.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.790] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0035.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed7f8 [0035.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.791] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16b, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x16b, lpOverlapped=0x0) returned 1 [0035.792] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.792] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16b, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x16b, lpOverlapped=0x0) returned 1 [0035.792] CloseHandle (hObject=0x38) returned 1 [0035.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.792] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk.adv")) returned 1 [0035.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.795] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0035.795] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0035.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.795] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0035.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed7f8 [0035.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.795] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="RecentPlaces.lnk", cAlternateFileName="")) returned 0xffffffff [0035.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.795] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9fe95fb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9fe95fb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Music", cAlternateFileName="")) returned 1 [0035.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6ed7f8 [0035.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.795] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9fe95fb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9fe95fb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0035.796] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9fe95fb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9fe95fb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="..", cAlternateFileName="")) returned 1 [0035.796] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x436b68e0, ftCreationTime.dwHighDateTime=0x1d5b5ad, ftLastAccessTime.dwLowDateTime=0x518d2ca0, ftLastAccessTime.dwHighDateTime=0x1d5baae, ftLastWriteTime.dwLowDateTime=0x518d2ca0, ftLastWriteTime.dwHighDateTime=0x1d5baae, nFileSizeHigh=0x0, nFileSizeLow=0x12e5d, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="3MMdOwnsA.m4a", cAlternateFileName="3MMDOW~1.M4A")) returned 1 [0035.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0035.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3MMdOwnsA.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3mmdownsa.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.796] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12e5d, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x12e5d, lpOverlapped=0x0) returned 1 [0035.797] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.797] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12e5d, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x12e5d, lpOverlapped=0x0) returned 1 [0035.797] CloseHandle (hObject=0x38) returned 1 [0035.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.798] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3MMdOwnsA.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3mmdownsa.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3MMdOwnsA.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3mmdownsa.m4a.adv")) returned 1 [0035.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.798] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5801410, ftCreationTime.dwHighDateTime=0x1d5c087, ftLastAccessTime.dwLowDateTime=0xabc27890, ftLastAccessTime.dwHighDateTime=0x1d5c4d3, ftLastWriteTime.dwLowDateTime=0xabc27890, ftLastWriteTime.dwHighDateTime=0x1d5c4d3, nFileSizeHigh=0x0, nFileSizeLow=0xcc51, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="3mVMi4.m4a", cAlternateFileName="")) returned 1 [0035.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0035.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3mVMi4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3mvmi4.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.799] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcc51, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xcc51, lpOverlapped=0x0) returned 1 [0035.799] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.800] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcc51, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xcc51, lpOverlapped=0x0) returned 1 [0035.800] CloseHandle (hObject=0x38) returned 1 [0035.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.800] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3mVMi4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3mvmi4.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3mVMi4.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3mvmi4.m4a.adv")) returned 1 [0035.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.800] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0035.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.801] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0035.802] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.802] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0035.802] CloseHandle (hObject=0x38) returned 1 [0035.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.802] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini.adv")) returned 1 [0035.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.802] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21f80f60, ftCreationTime.dwHighDateTime=0x1d5b6f7, ftLastAccessTime.dwLowDateTime=0x2aa0f5b0, ftLastAccessTime.dwHighDateTime=0x1d5be3a, ftLastWriteTime.dwLowDateTime=0x2aa0f5b0, ftLastWriteTime.dwHighDateTime=0x1d5be3a, nFileSizeHigh=0x0, nFileSizeLow=0xd51b, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="Iuo JbZ4fXGoEDJ.mp3", cAlternateFileName="IUOJBZ~1.MP3")) returned 1 [0035.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0035.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Iuo JbZ4fXGoEDJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\iuo jbz4fxgoedj.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.803] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd51b, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xd51b, lpOverlapped=0x0) returned 1 [0035.804] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.804] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd51b, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xd51b, lpOverlapped=0x0) returned 1 [0035.804] CloseHandle (hObject=0x38) returned 1 [0035.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.804] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Iuo JbZ4fXGoEDJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\iuo jbz4fxgoedj.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Iuo JbZ4fXGoEDJ.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\iuo jbz4fxgoedj.mp3.adv")) returned 1 [0035.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.806] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe116fc90, ftCreationTime.dwHighDateTime=0x1d5b6ba, ftLastAccessTime.dwLowDateTime=0xa2e11e20, ftLastAccessTime.dwHighDateTime=0x1d5c267, ftLastWriteTime.dwLowDateTime=0xa2e11e20, ftLastWriteTime.dwHighDateTime=0x1d5c267, nFileSizeHigh=0x0, nFileSizeLow=0xce30, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="lKr7gc.wav", cAlternateFileName="")) returned 1 [0035.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0035.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lKr7gc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lkr7gc.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.806] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce30, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xce30, lpOverlapped=0x0) returned 1 [0035.807] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.807] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce30, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xce30, lpOverlapped=0x0) returned 1 [0035.807] CloseHandle (hObject=0x38) returned 1 [0035.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.807] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lKr7gc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lkr7gc.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lKr7gc.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lkr7gc.wav.adv")) returned 1 [0035.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.808] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b88bfc0, ftCreationTime.dwHighDateTime=0x1d5bcea, ftLastAccessTime.dwLowDateTime=0x57a0aec0, ftLastAccessTime.dwHighDateTime=0x1d5c425, ftLastWriteTime.dwLowDateTime=0x57a0aec0, ftLastWriteTime.dwHighDateTime=0x1d5c425, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="luaXVHHwWG", cAlternateFileName="LUAXVH~1")) returned 1 [0035.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0035.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1fc8 [0035.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b88bfc0, ftCreationTime.dwHighDateTime=0x1d5bcea, ftLastAccessTime.dwLowDateTime=0x57a0aec0, ftLastAccessTime.dwHighDateTime=0x1d5c425, ftLastWriteTime.dwLowDateTime=0x57a0aec0, ftLastWriteTime.dwHighDateTime=0x1d5c425, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.809] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b88bfc0, ftCreationTime.dwHighDateTime=0x1d5bcea, ftLastAccessTime.dwLowDateTime=0x57a0aec0, ftLastAccessTime.dwHighDateTime=0x1d5c425, ftLastWriteTime.dwLowDateTime=0x57a0aec0, ftLastWriteTime.dwHighDateTime=0x1d5c425, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0035.809] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47869600, ftCreationTime.dwHighDateTime=0x1d5b627, ftLastAccessTime.dwLowDateTime=0xc5e48350, ftLastAccessTime.dwHighDateTime=0x1d5ba13, ftLastWriteTime.dwLowDateTime=0xc5e48350, ftLastWriteTime.dwHighDateTime=0x1d5ba13, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-kdA3_UEzgu", cAlternateFileName="-KDA3_~1")) returned 1 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2060 [0035.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47869600, ftCreationTime.dwHighDateTime=0x1d5b627, ftLastAccessTime.dwLowDateTime=0xc5e48350, ftLastAccessTime.dwHighDateTime=0x1d5ba13, ftLastWriteTime.dwLowDateTime=0xc5e48350, ftLastWriteTime.dwHighDateTime=0x1d5ba13, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0035.809] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47869600, ftCreationTime.dwHighDateTime=0x1d5b627, ftLastAccessTime.dwLowDateTime=0xc5e48350, ftLastAccessTime.dwHighDateTime=0x1d5ba13, ftLastWriteTime.dwLowDateTime=0xc5e48350, ftLastWriteTime.dwHighDateTime=0x1d5ba13, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="..", cAlternateFileName="")) returned 1 [0035.809] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cd38590, ftCreationTime.dwHighDateTime=0x1d5bbce, ftLastAccessTime.dwLowDateTime=0xbe1e2dc0, ftLastAccessTime.dwHighDateTime=0x1d5c016, ftLastWriteTime.dwLowDateTime=0xbe1e2dc0, ftLastWriteTime.dwHighDateTime=0x1d5c016, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="45n-Vl_-z5dwIAG3P", cAlternateFileName="45N-VL~1")) returned 1 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0978 [0035.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cd38590, ftCreationTime.dwHighDateTime=0x1d5bbce, ftLastAccessTime.dwLowDateTime=0xbe1e2dc0, ftLastAccessTime.dwHighDateTime=0x1d5c016, ftLastWriteTime.dwLowDateTime=0xbe1e2dc0, ftLastWriteTime.dwHighDateTime=0x1d5c016, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5b627, dwReserved1=0xc5e48350, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0035.809] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cd38590, ftCreationTime.dwHighDateTime=0x1d5bbce, ftLastAccessTime.dwLowDateTime=0xbe1e2dc0, ftLastAccessTime.dwHighDateTime=0x1d5c016, ftLastWriteTime.dwLowDateTime=0xbe1e2dc0, ftLastWriteTime.dwHighDateTime=0x1d5c016, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5b627, dwReserved1=0xc5e48350, cFileName="..", cAlternateFileName="")) returned 1 [0035.809] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ebe32a0, ftCreationTime.dwHighDateTime=0x1d5c579, ftLastAccessTime.dwLowDateTime=0x7cd499e0, ftLastAccessTime.dwHighDateTime=0x1d5b67e, ftLastWriteTime.dwLowDateTime=0x7cd499e0, ftLastWriteTime.dwHighDateTime=0x1d5b67e, nFileSizeHigh=0x0, nFileSizeLow=0x18dd2, dwReserved0=0x1d5b627, dwReserved1=0xc5e48350, cFileName="1da2kToUWvx43-.mp3", cAlternateFileName="1DA2KT~1.MP3")) returned 1 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a20 [0035.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0ac8 [0035.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0035.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\1da2kToUWvx43-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\1da2ktouwvx43-.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.810] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18dd2, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x18dd2, lpOverlapped=0x0) returned 1 [0035.811] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.811] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18dd2, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x18dd2, lpOverlapped=0x0) returned 1 [0035.811] CloseHandle (hObject=0x44) returned 1 [0035.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x710be8 [0035.812] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\1da2kToUWvx43-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\1da2ktouwvx43-.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\1da2kToUWvx43-.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\1da2ktouwvx43-.mp3.adv")) returned 1 [0035.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x710be8 | out: hHeap=0x6d0000) returned 1 [0035.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac8 | out: hHeap=0x6d0000) returned 1 [0035.813] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50eaf6c0, ftCreationTime.dwHighDateTime=0x1d5bdaf, ftLastAccessTime.dwLowDateTime=0x75bee0, ftLastAccessTime.dwHighDateTime=0x1d5b6da, ftLastWriteTime.dwLowDateTime=0x75bee0, ftLastWriteTime.dwHighDateTime=0x1d5b6da, nFileSizeHigh=0x0, nFileSizeLow=0x12285, dwReserved0=0x1d5b627, dwReserved1=0xc5e48350, cFileName="83QT_Ez0SRM6H.mp3", cAlternateFileName="83QT_E~1.MP3")) returned 1 [0035.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a20 [0035.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0ac8 [0035.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0035.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\83QT_Ez0SRM6H.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\83qt_ez0srm6h.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.813] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12285, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x12285, lpOverlapped=0x0) returned 1 [0035.814] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.814] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12285, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x12285, lpOverlapped=0x0) returned 1 [0035.814] CloseHandle (hObject=0x44) returned 1 [0035.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x710be8 [0035.815] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\83QT_Ez0SRM6H.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\83qt_ez0srm6h.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\83QT_Ez0SRM6H.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\83qt_ez0srm6h.mp3.adv")) returned 1 [0035.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x710be8 | out: hHeap=0x6d0000) returned 1 [0035.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac8 | out: hHeap=0x6d0000) returned 1 [0035.815] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7a55160, ftCreationTime.dwHighDateTime=0x1d5b8d4, ftLastAccessTime.dwLowDateTime=0x7f22c380, ftLastAccessTime.dwHighDateTime=0x1d5bfdd, ftLastWriteTime.dwLowDateTime=0x7f22c380, ftLastWriteTime.dwHighDateTime=0x1d5bfdd, nFileSizeHigh=0x0, nFileSizeLow=0x962b, dwReserved0=0x1d5b627, dwReserved1=0xc5e48350, cFileName="YFqfgo.wav", cAlternateFileName="")) returned 1 [0035.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a20 [0035.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0ac8 [0035.816] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0035.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\YFqfgo.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\yfqfgo.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.816] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x962b, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x962b, lpOverlapped=0x0) returned 1 [0035.817] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.817] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x962b, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x962b, lpOverlapped=0x0) returned 1 [0035.817] CloseHandle (hObject=0x44) returned 1 [0035.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x710be8 [0035.817] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\YFqfgo.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\yfqfgo.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\YFqfgo.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\yfqfgo.wav.adv")) returned 1 [0035.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x710be8 | out: hHeap=0x6d0000) returned 1 [0035.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac8 | out: hHeap=0x6d0000) returned 1 [0035.818] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4d3dc60, ftCreationTime.dwHighDateTime=0x1d5c45b, ftLastAccessTime.dwLowDateTime=0x2f156e80, ftLastAccessTime.dwHighDateTime=0x1d5b7f2, ftLastWriteTime.dwLowDateTime=0x2f156e80, ftLastWriteTime.dwHighDateTime=0x1d5b7f2, nFileSizeHigh=0x0, nFileSizeLow=0x5448, dwReserved0=0x1d5b627, dwReserved1=0xc5e48350, cFileName="z1qw6-.mp3", cAlternateFileName="")) returned 1 [0035.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a20 [0035.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0ac8 [0035.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0035.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\z1qw6-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\z1qw6-.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.818] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5448, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x5448, lpOverlapped=0x0) returned 1 [0035.819] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.819] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5448, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x5448, lpOverlapped=0x0) returned 1 [0035.820] CloseHandle (hObject=0x44) returned 1 [0035.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x710be8 [0035.820] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\z1qw6-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\z1qw6-.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\45n-Vl_-z5dwIAG3P\\z1qw6-.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\45n-vl_-z5dwiag3p\\z1qw6-.mp3.adv")) returned 1 [0035.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x710be8 | out: hHeap=0x6d0000) returned 1 [0035.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac8 | out: hHeap=0x6d0000) returned 1 [0035.821] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4d3dc60, ftCreationTime.dwHighDateTime=0x1d5c45b, ftLastAccessTime.dwLowDateTime=0x2f156e80, ftLastAccessTime.dwHighDateTime=0x1d5b7f2, ftLastWriteTime.dwLowDateTime=0x2f156e80, ftLastWriteTime.dwHighDateTime=0x1d5b7f2, nFileSizeHigh=0x0, nFileSizeLow=0x5448, dwReserved0=0x1d5b627, dwReserved1=0xc5e48350, cFileName="z1qw6-.mp3", cAlternateFileName="")) returned 0 [0035.821] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0035.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.821] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3963fe0, ftCreationTime.dwHighDateTime=0x1d5b700, ftLastAccessTime.dwLowDateTime=0x5b0ba150, ftLastAccessTime.dwHighDateTime=0x1d5ba70, ftLastWriteTime.dwLowDateTime=0x5b0ba150, ftLastWriteTime.dwHighDateTime=0x1d5ba70, nFileSizeHigh=0x0, nFileSizeLow=0x98b3, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="9zBlE.m4a", cAlternateFileName="")) returned 1 [0035.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\9zBlE.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\9zble.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.821] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x98b3, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x98b3, lpOverlapped=0x0) returned 1 [0035.822] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.822] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x98b3, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x98b3, lpOverlapped=0x0) returned 1 [0035.822] CloseHandle (hObject=0x40) returned 1 [0035.822] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0978 [0035.822] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\9zBlE.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\9zble.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\9zBlE.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\9zble.m4a.adv")) returned 1 [0035.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.823] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c44c0d0, ftCreationTime.dwHighDateTime=0x1d5b9d7, ftLastAccessTime.dwLowDateTime=0x1e1040a0, ftLastAccessTime.dwHighDateTime=0x1d5b5b4, ftLastWriteTime.dwLowDateTime=0x1e1040a0, ftLastWriteTime.dwHighDateTime=0x1d5b5b4, nFileSizeHigh=0x0, nFileSizeLow=0x61d5, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="BcBiG.mp3", cAlternateFileName="")) returned 1 [0035.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BcBiG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bcbig.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.824] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x61d5, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x61d5, lpOverlapped=0x0) returned 1 [0035.825] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.825] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x61d5, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x61d5, lpOverlapped=0x0) returned 1 [0035.825] CloseHandle (hObject=0x40) returned 1 [0035.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0978 [0035.825] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BcBiG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bcbig.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BcBiG.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bcbig.mp3.adv")) returned 1 [0035.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.826] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x823ac090, ftCreationTime.dwHighDateTime=0x1d5c57d, ftLastAccessTime.dwLowDateTime=0xb110b540, ftLastAccessTime.dwHighDateTime=0x1d5b859, ftLastWriteTime.dwLowDateTime=0xb110b540, ftLastWriteTime.dwHighDateTime=0x1d5b859, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="BD_TgCx_a", cAlternateFileName="BD_TGC~1")) returned 1 [0035.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0978 [0035.826] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x823ac090, ftCreationTime.dwHighDateTime=0x1d5c57d, ftLastAccessTime.dwLowDateTime=0xb110b540, ftLastAccessTime.dwHighDateTime=0x1d5b859, ftLastWriteTime.dwLowDateTime=0xb110b540, ftLastWriteTime.dwHighDateTime=0x1d5b859, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x23, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0035.826] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x823ac090, ftCreationTime.dwHighDateTime=0x1d5c57d, ftLastAccessTime.dwLowDateTime=0xb110b540, ftLastAccessTime.dwHighDateTime=0x1d5b859, ftLastWriteTime.dwLowDateTime=0xb110b540, ftLastWriteTime.dwHighDateTime=0x1d5b859, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x23, cFileName="..", cAlternateFileName="")) returned 1 [0035.826] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ce885c0, ftCreationTime.dwHighDateTime=0x1d5bda5, ftLastAccessTime.dwLowDateTime=0xdd2343f0, ftLastAccessTime.dwHighDateTime=0x1d5bf5c, ftLastWriteTime.dwLowDateTime=0xdd2343f0, ftLastWriteTime.dwHighDateTime=0x1d5bf5c, nFileSizeHigh=0x0, nFileSizeLow=0xf69e, dwReserved0=0x0, dwReserved1=0x23, cFileName="LltLhVVboOr.mp3", cAlternateFileName="LLTLHV~1.MP3")) returned 1 [0035.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0035.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0aa8 [0035.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0035.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\LltLhVVboOr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bd_tgcx_a\\lltlhvvboor.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.827] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf69e, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xf69e, lpOverlapped=0x0) returned 1 [0035.828] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.828] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf69e, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xf69e, lpOverlapped=0x0) returned 1 [0035.828] CloseHandle (hObject=0x44) returned 1 [0035.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x710be8 [0035.828] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\LltLhVVboOr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bd_tgcx_a\\lltlhvvboor.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\LltLhVVboOr.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bd_tgcx_a\\lltlhvvboor.mp3.adv")) returned 1 [0035.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x710be8 | out: hHeap=0x6d0000) returned 1 [0035.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0035.829] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85ce4170, ftCreationTime.dwHighDateTime=0x1d5bb12, ftLastAccessTime.dwLowDateTime=0xadbdae40, ftLastAccessTime.dwHighDateTime=0x1d5bbbd, ftLastWriteTime.dwLowDateTime=0xadbdae40, ftLastWriteTime.dwHighDateTime=0x1d5bbbd, nFileSizeHigh=0x0, nFileSizeLow=0x152a2, dwReserved0=0x0, dwReserved1=0x23, cFileName="qcSBr7SFDWj9X.wav", cAlternateFileName="QCSBR7~1.WAV")) returned 1 [0035.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0035.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0aa8 [0035.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0035.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\qcSBr7SFDWj9X.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bd_tgcx_a\\qcsbr7sfdwj9x.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.830] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x152a2, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x152a2, lpOverlapped=0x0) returned 1 [0035.831] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.831] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x152a2, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x152a2, lpOverlapped=0x0) returned 1 [0035.831] CloseHandle (hObject=0x44) returned 1 [0035.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x710be8 [0035.831] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\qcSBr7SFDWj9X.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bd_tgcx_a\\qcsbr7sfdwj9x.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\qcSBr7SFDWj9X.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bd_tgcx_a\\qcsbr7sfdwj9x.wav.adv")) returned 1 [0035.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x710be8 | out: hHeap=0x6d0000) returned 1 [0035.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0035.832] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd65c7650, ftCreationTime.dwHighDateTime=0x1d5be07, ftLastAccessTime.dwLowDateTime=0xcf0a54d0, ftLastAccessTime.dwHighDateTime=0x1d5c456, ftLastWriteTime.dwLowDateTime=0xcf0a54d0, ftLastWriteTime.dwHighDateTime=0x1d5c456, nFileSizeHigh=0x0, nFileSizeLow=0x7197, dwReserved0=0x0, dwReserved1=0x23, cFileName="RhbpUbohQl91l q.m4a", cAlternateFileName="RHBPUB~1.M4A")) returned 1 [0035.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0035.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0aa8 [0035.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0035.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\RhbpUbohQl91l q.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bd_tgcx_a\\rhbpubohql91l q.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.833] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7197, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x7197, lpOverlapped=0x0) returned 1 [0035.834] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.834] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7197, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x7197, lpOverlapped=0x0) returned 1 [0035.834] CloseHandle (hObject=0x44) returned 1 [0035.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x710be8 [0035.834] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\RhbpUbohQl91l q.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bd_tgcx_a\\rhbpubohql91l q.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\BD_TgCx_a\\RhbpUbohQl91l q.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\bd_tgcx_a\\rhbpubohql91l q.m4a.adv")) returned 1 [0035.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x710be8 | out: hHeap=0x6d0000) returned 1 [0035.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0035.835] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd65c7650, ftCreationTime.dwHighDateTime=0x1d5be07, ftLastAccessTime.dwLowDateTime=0xcf0a54d0, ftLastAccessTime.dwHighDateTime=0x1d5c456, ftLastWriteTime.dwLowDateTime=0xcf0a54d0, ftLastWriteTime.dwHighDateTime=0x1d5c456, nFileSizeHigh=0x0, nFileSizeLow=0x7197, dwReserved0=0x0, dwReserved1=0x23, cFileName="RhbpUbohQl91l q.m4a", cAlternateFileName="RHBPUB~1.M4A")) returned 0 [0035.835] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0035.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.835] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba2e4db0, ftCreationTime.dwHighDateTime=0x1d5be9c, ftLastAccessTime.dwLowDateTime=0x33c6c5e0, ftLastAccessTime.dwHighDateTime=0x1d5c298, ftLastWriteTime.dwLowDateTime=0x33c6c5e0, ftLastWriteTime.dwHighDateTime=0x1d5c298, nFileSizeHigh=0x0, nFileSizeLow=0xb4a0, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="NO0 mX-27yu tH4h.wav", cAlternateFileName="NO0MX-~1.WAV")) returned 1 [0035.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\NO0 mX-27yu tH4h.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\no0 mx-27yu th4h.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.836] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb4a0, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xb4a0, lpOverlapped=0x0) returned 1 [0035.837] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.837] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb4a0, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xb4a0, lpOverlapped=0x0) returned 1 [0035.837] CloseHandle (hObject=0x40) returned 1 [0035.837] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0978 [0035.837] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\NO0 mX-27yu tH4h.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\no0 mx-27yu th4h.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\NO0 mX-27yu tH4h.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\no0 mx-27yu th4h.wav.adv")) returned 1 [0035.838] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.838] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6ce3ad0, ftCreationTime.dwHighDateTime=0x1d5bd80, ftLastAccessTime.dwLowDateTime=0x8c6ad770, ftLastAccessTime.dwHighDateTime=0x1d5c21d, ftLastWriteTime.dwLowDateTime=0x8c6ad770, ftLastWriteTime.dwHighDateTime=0x1d5c21d, nFileSizeHigh=0x0, nFileSizeLow=0x8c1c, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="ug9XJGK.wav", cAlternateFileName="")) returned 1 [0035.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.838] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\ug9XJGK.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\ug9xjgk.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.839] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8c1c, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x8c1c, lpOverlapped=0x0) returned 1 [0035.839] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.839] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8c1c, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x8c1c, lpOverlapped=0x0) returned 1 [0035.840] CloseHandle (hObject=0x40) returned 1 [0035.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0978 [0035.840] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\ug9XJGK.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\ug9xjgk.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\ug9XJGK.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\ug9xjgk.wav.adv")) returned 1 [0035.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.841] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8c01380, ftCreationTime.dwHighDateTime=0x1d5b729, ftLastAccessTime.dwLowDateTime=0x618644f0, ftLastAccessTime.dwHighDateTime=0x1d5be9d, ftLastWriteTime.dwLowDateTime=0x618644f0, ftLastWriteTime.dwHighDateTime=0x1d5be9d, nFileSizeHigh=0x0, nFileSizeLow=0x7810, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="x9br.mp3", cAlternateFileName="")) returned 1 [0035.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\x9br.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\x9br.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.841] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7810, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x7810, lpOverlapped=0x0) returned 1 [0035.842] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.842] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7810, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x7810, lpOverlapped=0x0) returned 1 [0035.842] CloseHandle (hObject=0x40) returned 1 [0035.842] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0978 [0035.842] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\x9br.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\x9br.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\x9br.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\x9br.mp3.adv")) returned 1 [0035.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.843] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x751b6150, ftCreationTime.dwHighDateTime=0x1d5b9dc, ftLastAccessTime.dwLowDateTime=0xf63b3e80, ftLastAccessTime.dwHighDateTime=0x1d5c4ff, ftLastWriteTime.dwLowDateTime=0xf63b3e80, ftLastWriteTime.dwHighDateTime=0x1d5c4ff, nFileSizeHigh=0x0, nFileSizeLow=0x103ea, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="xysvPpOqog9r.wav", cAlternateFileName="XYSVPP~1.WAV")) returned 1 [0035.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0035.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\xysvPpOqog9r.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\xysvppoqog9r.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.844] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x103ea, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x103ea, lpOverlapped=0x0) returned 1 [0035.845] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.845] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x103ea, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x103ea, lpOverlapped=0x0) returned 1 [0035.845] CloseHandle (hObject=0x40) returned 1 [0035.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0978 [0035.845] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\xysvPpOqog9r.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\xysvppoqog9r.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\-kdA3_UEzgu\\xysvPpOqog9r.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\-kda3_uezgu\\xysvppoqog9r.wav.adv")) returned 1 [0035.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0035.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.846] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x751b6150, ftCreationTime.dwHighDateTime=0x1d5b9dc, ftLastAccessTime.dwLowDateTime=0xf63b3e80, ftLastAccessTime.dwHighDateTime=0x1d5c4ff, ftLastWriteTime.dwLowDateTime=0xf63b3e80, ftLastWriteTime.dwHighDateTime=0x1d5c4ff, nFileSizeHigh=0x0, nFileSizeLow=0x103ea, dwReserved0=0x1d5bcea, dwReserved1=0x57a0aec0, cFileName="xysvPpOqog9r.wav", cAlternateFileName="XYSVPP~1.WAV")) returned 0 [0035.846] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0035.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2060 | out: hHeap=0x6d0000) returned 1 [0035.846] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x294f7940, ftCreationTime.dwHighDateTime=0x1d5c4fa, ftLastAccessTime.dwLowDateTime=0xb77c4ed0, ftLastAccessTime.dwHighDateTime=0x1d5bcb4, ftLastWriteTime.dwLowDateTime=0xb77c4ed0, ftLastWriteTime.dwHighDateTime=0x1d5bcb4, nFileSizeHigh=0x0, nFileSizeLow=0xc051, dwReserved0=0x0, dwReserved1=0x0, cFileName="LcTkHD0auaHD-lz02RYh.m4a", cAlternateFileName="LCTKHD~1.M4A")) returned 1 [0035.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2060 [0035.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\LcTkHD0auaHD-lz02RYh.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\lctkhd0auahd-lz02ryh.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.847] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc051, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xc051, lpOverlapped=0x0) returned 1 [0035.848] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.848] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc051, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xc051, lpOverlapped=0x0) returned 1 [0035.848] CloseHandle (hObject=0x3c) returned 1 [0035.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f08b0 [0035.848] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\LcTkHD0auaHD-lz02RYh.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\lctkhd0auahd-lz02ryh.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\LcTkHD0auaHD-lz02RYh.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\lctkhd0auahd-lz02ryh.m4a.adv")) returned 1 [0035.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2060 | out: hHeap=0x6d0000) returned 1 [0035.849] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd323d940, ftCreationTime.dwHighDateTime=0x1d5c228, ftLastAccessTime.dwLowDateTime=0x154de430, ftLastAccessTime.dwHighDateTime=0x1d5c05f, ftLastWriteTime.dwLowDateTime=0x154de430, ftLastWriteTime.dwHighDateTime=0x1d5c05f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="M6VQ_", cAlternateFileName="")) returned 1 [0035.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2060 [0035.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.849] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd323d940, ftCreationTime.dwHighDateTime=0x1d5c228, ftLastAccessTime.dwLowDateTime=0x154de430, ftLastAccessTime.dwHighDateTime=0x1d5c05f, ftLastWriteTime.dwLowDateTime=0x154de430, ftLastWriteTime.dwHighDateTime=0x1d5c05f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3b, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0035.850] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd323d940, ftCreationTime.dwHighDateTime=0x1d5c228, ftLastAccessTime.dwLowDateTime=0x154de430, ftLastAccessTime.dwHighDateTime=0x1d5c05f, ftLastWriteTime.dwLowDateTime=0x154de430, ftLastWriteTime.dwHighDateTime=0x1d5c05f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3b, cFileName="..", cAlternateFileName="")) returned 1 [0035.850] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc870b5a0, ftCreationTime.dwHighDateTime=0x1d5c399, ftLastAccessTime.dwLowDateTime=0x674c910, ftLastAccessTime.dwHighDateTime=0x1d5c019, ftLastWriteTime.dwLowDateTime=0x674c910, ftLastWriteTime.dwHighDateTime=0x1d5c019, nFileSizeHigh=0x0, nFileSizeLow=0xed7d, dwReserved0=0x0, dwReserved1=0x3b, cFileName="2XBY8.mp3", cAlternateFileName="")) returned 1 [0035.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\2XBY8.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\2xby8.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.850] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed7d, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xed7d, lpOverlapped=0x0) returned 1 [0035.852] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.852] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed7d, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xed7d, lpOverlapped=0x0) returned 1 [0035.852] CloseHandle (hObject=0x40) returned 1 [0035.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0035.852] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\2XBY8.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\2xby8.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\2XBY8.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\2xby8.mp3.adv")) returned 1 [0035.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.853] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa038f200, ftCreationTime.dwHighDateTime=0x1d5c079, ftLastAccessTime.dwLowDateTime=0xf6cffeb0, ftLastAccessTime.dwHighDateTime=0x1d5b86d, ftLastWriteTime.dwLowDateTime=0xf6cffeb0, ftLastWriteTime.dwHighDateTime=0x1d5b86d, nFileSizeHigh=0x0, nFileSizeLow=0xa443, dwReserved0=0x0, dwReserved1=0x3b, cFileName="EAQ3yh s6_IJ.m4a", cAlternateFileName="EAQ3YH~1.M4A")) returned 1 [0035.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.853] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\EAQ3yh s6_IJ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\eaq3yh s6_ij.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.854] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa443, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xa443, lpOverlapped=0x0) returned 1 [0035.854] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.855] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa443, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xa443, lpOverlapped=0x0) returned 1 [0035.855] CloseHandle (hObject=0x40) returned 1 [0035.855] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0960 [0035.855] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\EAQ3yh s6_IJ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\eaq3yh s6_ij.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\EAQ3yh s6_IJ.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\eaq3yh s6_ij.m4a.adv")) returned 1 [0035.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.856] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af4aaf0, ftCreationTime.dwHighDateTime=0x1d5b882, ftLastAccessTime.dwLowDateTime=0x2e716c0, ftLastAccessTime.dwHighDateTime=0x1d5be5e, ftLastWriteTime.dwLowDateTime=0x2e716c0, ftLastWriteTime.dwHighDateTime=0x1d5be5e, nFileSizeHigh=0x0, nFileSizeLow=0x8cfa, dwReserved0=0x0, dwReserved1=0x3b, cFileName="eZipd704TrDPxhYwZvm.mp3", cAlternateFileName="EZIPD7~1.MP3")) returned 1 [0035.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\eZipd704TrDPxhYwZvm.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\ezipd704trdpxhywzvm.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.856] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8cfa, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x8cfa, lpOverlapped=0x0) returned 1 [0035.857] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.857] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8cfa, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x8cfa, lpOverlapped=0x0) returned 1 [0035.857] CloseHandle (hObject=0x40) returned 1 [0035.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0960 [0035.857] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\eZipd704TrDPxhYwZvm.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\ezipd704trdpxhywzvm.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\eZipd704TrDPxhYwZvm.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\ezipd704trdpxhywzvm.mp3.adv")) returned 1 [0035.858] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.859] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98889510, ftCreationTime.dwHighDateTime=0x1d5bedf, ftLastAccessTime.dwLowDateTime=0xc98214b0, ftLastAccessTime.dwHighDateTime=0x1d5c601, ftLastWriteTime.dwLowDateTime=0xc98214b0, ftLastWriteTime.dwHighDateTime=0x1d5c601, nFileSizeHigh=0x0, nFileSizeLow=0x45a8, dwReserved0=0x0, dwReserved1=0x3b, cFileName="Hdw7 vMpkpFI1pZRh81.wav", cAlternateFileName="HDW7VM~1.WAV")) returned 1 [0035.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\Hdw7 vMpkpFI1pZRh81.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\hdw7 vmpkpfi1pzrh81.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.859] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x45a8, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x45a8, lpOverlapped=0x0) returned 1 [0035.860] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.860] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x45a8, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x45a8, lpOverlapped=0x0) returned 1 [0035.860] CloseHandle (hObject=0x40) returned 1 [0035.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0960 [0035.860] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\Hdw7 vMpkpFI1pZRh81.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\hdw7 vmpkpfi1pzrh81.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\Hdw7 vMpkpFI1pZRh81.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\hdw7 vmpkpfi1pzrh81.wav.adv")) returned 1 [0035.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.861] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20499d60, ftCreationTime.dwHighDateTime=0x1d5c1be, ftLastAccessTime.dwLowDateTime=0xda591f0, ftLastAccessTime.dwHighDateTime=0x1d5bf93, ftLastWriteTime.dwLowDateTime=0xda591f0, ftLastWriteTime.dwHighDateTime=0x1d5bf93, nFileSizeHigh=0x0, nFileSizeLow=0x10fc, dwReserved0=0x0, dwReserved1=0x3b, cFileName="Oz0B7tj-2uqDVHnmGE0.mp3", cAlternateFileName="OZ0B7T~1.MP3")) returned 1 [0035.861] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.861] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\Oz0B7tj-2uqDVHnmGE0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\oz0b7tj-2uqdvhnmge0.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.861] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10fc, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x10fc, lpOverlapped=0x0) returned 1 [0035.862] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.862] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10fc, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x10fc, lpOverlapped=0x0) returned 1 [0035.862] CloseHandle (hObject=0x40) returned 1 [0035.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0960 [0035.862] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\Oz0B7tj-2uqDVHnmGE0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\oz0b7tj-2uqdvhnmge0.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\Oz0B7tj-2uqDVHnmGE0.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\oz0b7tj-2uqdvhnmge0.mp3.adv")) returned 1 [0035.863] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.863] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.863] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x879abee0, ftCreationTime.dwHighDateTime=0x1d5c006, ftLastAccessTime.dwLowDateTime=0xfada7d90, ftLastAccessTime.dwHighDateTime=0x1d5bec7, ftLastWriteTime.dwLowDateTime=0xfada7d90, ftLastWriteTime.dwHighDateTime=0x1d5bec7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3b, cFileName="pQQPypTuLE-K", cAlternateFileName="PQQPYP~1")) returned 1 [0035.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.863] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0035.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\pQQPypTuLE-K\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x879abee0, ftCreationTime.dwHighDateTime=0x1d5c006, ftLastAccessTime.dwLowDateTime=0xfada7d90, ftLastAccessTime.dwHighDateTime=0x1d5bec7, ftLastWriteTime.dwLowDateTime=0xfada7d90, ftLastWriteTime.dwHighDateTime=0x1d5bec7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x22, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0035.864] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x879abee0, ftCreationTime.dwHighDateTime=0x1d5c006, ftLastAccessTime.dwLowDateTime=0xfada7d90, ftLastAccessTime.dwHighDateTime=0x1d5bec7, ftLastWriteTime.dwLowDateTime=0xfada7d90, ftLastWriteTime.dwHighDateTime=0x1d5bec7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x22, cFileName="..", cAlternateFileName="")) returned 1 [0035.864] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd05fb20, ftCreationTime.dwHighDateTime=0x1d5c490, ftLastAccessTime.dwLowDateTime=0x907b7910, ftLastAccessTime.dwHighDateTime=0x1d5b669, ftLastWriteTime.dwLowDateTime=0x907b7910, ftLastWriteTime.dwHighDateTime=0x1d5b669, nFileSizeHigh=0x0, nFileSizeLow=0x4347, dwReserved0=0x0, dwReserved1=0x22, cFileName="-JqpXKM7KvKZQ.wav", cAlternateFileName="-JQPXK~1.WAV")) returned 1 [0035.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0035.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0035.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0035.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\pQQPypTuLE-K\\-JqpXKM7KvKZQ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\pqqpyptule-k\\-jqpxkm7kvkzq.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.864] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4347, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4347, lpOverlapped=0x0) returned 1 [0035.865] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.865] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4347, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4347, lpOverlapped=0x0) returned 1 [0035.865] CloseHandle (hObject=0x44) returned 1 [0035.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x710be8 [0035.865] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\pQQPypTuLE-K\\-JqpXKM7KvKZQ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\pqqpyptule-k\\-jqpxkm7kvkzq.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\pQQPypTuLE-K\\-JqpXKM7KvKZQ.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\pqqpyptule-k\\-jqpxkm7kvkzq.wav.adv")) returned 1 [0035.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x710be8 | out: hHeap=0x6d0000) returned 1 [0035.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0035.866] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x307a92c0, ftCreationTime.dwHighDateTime=0x1d5be53, ftLastAccessTime.dwLowDateTime=0xdd63f2c0, ftLastAccessTime.dwHighDateTime=0x1d5b943, ftLastWriteTime.dwLowDateTime=0xdd63f2c0, ftLastWriteTime.dwHighDateTime=0x1d5b943, nFileSizeHigh=0x0, nFileSizeLow=0xe1dd, dwReserved0=0x0, dwReserved1=0x22, cFileName="4w Gm3dHjIpRyI2neDA.mp3", cAlternateFileName="4WGM3D~1.MP3")) returned 1 [0035.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0035.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0035.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0035.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\pQQPypTuLE-K\\4w Gm3dHjIpRyI2neDA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\pqqpyptule-k\\4w gm3dhjipryi2neda.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.866] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe1dd, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xe1dd, lpOverlapped=0x0) returned 1 [0035.868] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.868] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe1dd, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xe1dd, lpOverlapped=0x0) returned 1 [0035.868] CloseHandle (hObject=0x44) returned 1 [0035.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x710be8 [0035.868] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\pQQPypTuLE-K\\4w Gm3dHjIpRyI2neDA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\pqqpyptule-k\\4w gm3dhjipryi2neda.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\pQQPypTuLE-K\\4w Gm3dHjIpRyI2neDA.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\pqqpyptule-k\\4w gm3dhjipryi2neda.mp3.adv")) returned 1 [0035.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x710be8 | out: hHeap=0x6d0000) returned 1 [0035.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0035.869] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x307a92c0, ftCreationTime.dwHighDateTime=0x1d5be53, ftLastAccessTime.dwLowDateTime=0xdd63f2c0, ftLastAccessTime.dwHighDateTime=0x1d5b943, ftLastWriteTime.dwLowDateTime=0xdd63f2c0, ftLastWriteTime.dwHighDateTime=0x1d5b943, nFileSizeHigh=0x0, nFileSizeLow=0xe1dd, dwReserved0=0x0, dwReserved1=0x22, cFileName="4w Gm3dHjIpRyI2neDA.mp3", cAlternateFileName="4WGM3D~1.MP3")) returned 0 [0035.869] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0035.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.869] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92be9b00, ftCreationTime.dwHighDateTime=0x1d5bdab, ftLastAccessTime.dwLowDateTime=0x62da0cc0, ftLastAccessTime.dwHighDateTime=0x1d5c11c, ftLastWriteTime.dwLowDateTime=0x62da0cc0, ftLastWriteTime.dwHighDateTime=0x1d5c11c, nFileSizeHigh=0x0, nFileSizeLow=0xb27, dwReserved0=0x0, dwReserved1=0x3b, cFileName="Zfo-IJW.mp3", cAlternateFileName="")) returned 1 [0035.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\Zfo-IJW.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\zfo-ijw.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.870] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb27, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xb27, lpOverlapped=0x0) returned 1 [0035.871] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.871] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb27, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xb27, lpOverlapped=0x0) returned 1 [0035.871] CloseHandle (hObject=0x40) returned 1 [0035.871] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\Zfo-IJW.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\zfo-ijw.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\Zfo-IJW.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\zfo-ijw.mp3.adv")) returned 1 [0035.872] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.872] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.872] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36c80670, ftCreationTime.dwHighDateTime=0x1d5bbde, ftLastAccessTime.dwLowDateTime=0xc04bb910, ftLastAccessTime.dwHighDateTime=0x1d5b9a8, ftLastWriteTime.dwLowDateTime=0xc04bb910, ftLastWriteTime.dwHighDateTime=0x1d5b9a8, nFileSizeHigh=0x0, nFileSizeLow=0x706f, dwReserved0=0x0, dwReserved1=0x3b, cFileName="zw3oRcCU9SPsiAk.m4a", cAlternateFileName="ZW3ORC~1.M4A")) returned 1 [0035.872] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.872] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0035.872] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\zw3oRcCU9SPsiAk.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\zw3orccu9spsiak.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.872] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x706f, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x706f, lpOverlapped=0x0) returned 1 [0035.873] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.873] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x706f, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x706f, lpOverlapped=0x0) returned 1 [0035.873] CloseHandle (hObject=0x40) returned 1 [0035.873] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0960 [0035.873] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\zw3oRcCU9SPsiAk.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\zw3orccu9spsiak.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\M6VQ_\\zw3oRcCU9SPsiAk.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\m6vq_\\zw3orccu9spsiak.m4a.adv")) returned 1 [0035.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0035.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.874] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36c80670, ftCreationTime.dwHighDateTime=0x1d5bbde, ftLastAccessTime.dwLowDateTime=0xc04bb910, ftLastAccessTime.dwHighDateTime=0x1d5b9a8, ftLastWriteTime.dwLowDateTime=0xc04bb910, ftLastWriteTime.dwHighDateTime=0x1d5b9a8, nFileSizeHigh=0x0, nFileSizeLow=0x706f, dwReserved0=0x0, dwReserved1=0x3b, cFileName="zw3oRcCU9SPsiAk.m4a", cAlternateFileName="ZW3ORC~1.M4A")) returned 0 [0035.874] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0035.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2060 | out: hHeap=0x6d0000) returned 1 [0035.874] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc96074b0, ftCreationTime.dwHighDateTime=0x1d5c4c9, ftLastAccessTime.dwLowDateTime=0x20394570, ftLastAccessTime.dwHighDateTime=0x1d5c289, ftLastWriteTime.dwLowDateTime=0x20394570, ftLastWriteTime.dwHighDateTime=0x1d5c289, nFileSizeHigh=0x0, nFileSizeLow=0x41a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="STKoO3RoMVXpIbqVQ-.mp3", cAlternateFileName="STKOO3~1.MP3")) returned 1 [0035.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2060 [0035.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\STKoO3RoMVXpIbqVQ-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\stkoo3romvxpibqvq-.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.875] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x41a7, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x41a7, lpOverlapped=0x0) returned 1 [0035.876] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.876] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x41a7, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x41a7, lpOverlapped=0x0) returned 1 [0035.876] CloseHandle (hObject=0x3c) returned 1 [0035.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f08b0 [0035.876] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\STKoO3RoMVXpIbqVQ-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\stkoo3romvxpibqvq-.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\STKoO3RoMVXpIbqVQ-.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\stkoo3romvxpibqvq-.mp3.adv")) returned 1 [0035.877] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.877] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2060 | out: hHeap=0x6d0000) returned 1 [0035.877] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53e76f40, ftCreationTime.dwHighDateTime=0x1d5c05f, ftLastAccessTime.dwLowDateTime=0x61bd9f60, ftLastAccessTime.dwHighDateTime=0x1d5babd, ftLastWriteTime.dwLowDateTime=0x61bd9f60, ftLastWriteTime.dwHighDateTime=0x1d5babd, nFileSizeHigh=0x0, nFileSizeLow=0x7bb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="X331SU-gt-dQs.m4a", cAlternateFileName="X331SU~1.M4A")) returned 1 [0035.877] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.877] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2060 [0035.878] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\X331SU-gt-dQs.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\x331su-gt-dqs.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.878] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7bb3, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x7bb3, lpOverlapped=0x0) returned 1 [0035.879] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.879] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7bb3, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x7bb3, lpOverlapped=0x0) returned 1 [0035.879] CloseHandle (hObject=0x3c) returned 1 [0035.879] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.879] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\X331SU-gt-dQs.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\x331su-gt-dqs.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\luaXVHHwWG\\X331SU-gt-dQs.m4a.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\luaxvhhwwg\\x331su-gt-dqs.m4a.adv")) returned 1 [0035.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2060 | out: hHeap=0x6d0000) returned 1 [0035.880] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53e76f40, ftCreationTime.dwHighDateTime=0x1d5c05f, ftLastAccessTime.dwLowDateTime=0x61bd9f60, ftLastAccessTime.dwHighDateTime=0x1d5babd, ftLastWriteTime.dwLowDateTime=0x61bd9f60, ftLastWriteTime.dwHighDateTime=0x1d5babd, nFileSizeHigh=0x0, nFileSizeLow=0x7bb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="X331SU-gt-dQs.m4a", cAlternateFileName="X331SU~1.M4A")) returned 0 [0035.880] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.880] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdacaa0, ftCreationTime.dwHighDateTime=0x1d5be1f, ftLastAccessTime.dwLowDateTime=0xb85f02a0, ftLastAccessTime.dwHighDateTime=0x1d5c544, ftLastWriteTime.dwLowDateTime=0xb85f02a0, ftLastWriteTime.dwHighDateTime=0x1d5c544, nFileSizeHigh=0x0, nFileSizeLow=0x1aed, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="Of0g9a 4gUvgmPdfY2.wav", cAlternateFileName="OF0G9A~1.WAV")) returned 1 [0035.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0035.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Of0g9a 4gUvgmPdfY2.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\of0g9a 4guvgmpdfy2.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.881] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1aed, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1aed, lpOverlapped=0x0) returned 1 [0035.881] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.881] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1aed, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1aed, lpOverlapped=0x0) returned 1 [0035.881] CloseHandle (hObject=0x38) returned 1 [0035.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.882] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Of0g9a 4gUvgmPdfY2.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\of0g9a 4guvgmpdfy2.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Of0g9a 4gUvgmPdfY2.wav.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\of0g9a 4guvgmpdfy2.wav.adv")) returned 1 [0035.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.883] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25de1d80, ftCreationTime.dwHighDateTime=0x1d5b847, ftLastAccessTime.dwLowDateTime=0xad00f9f0, ftLastAccessTime.dwHighDateTime=0x1d5b657, ftLastWriteTime.dwLowDateTime=0xad00f9f0, ftLastWriteTime.dwHighDateTime=0x1d5b657, nFileSizeHigh=0x0, nFileSizeLow=0x3270, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="xbS3DWOYhBun-3NzAe.mp3", cAlternateFileName="XBS3DW~1.MP3")) returned 1 [0035.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0035.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.883] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xbS3DWOYhBun-3NzAe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xbs3dwoyhbun-3nzae.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.883] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3270, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x3270, lpOverlapped=0x0) returned 1 [0035.884] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.884] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3270, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x3270, lpOverlapped=0x0) returned 1 [0035.884] CloseHandle (hObject=0x38) returned 1 [0035.884] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.884] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xbS3DWOYhBun-3NzAe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xbs3dwoyhbun-3nzae.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xbS3DWOYhBun-3NzAe.mp3.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xbs3dwoyhbun-3nzae.mp3.adv")) returned 1 [0035.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.885] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25de1d80, ftCreationTime.dwHighDateTime=0x1d5b847, ftLastAccessTime.dwLowDateTime=0xad00f9f0, ftLastAccessTime.dwHighDateTime=0x1d5b657, ftLastWriteTime.dwLowDateTime=0xad00f9f0, ftLastWriteTime.dwHighDateTime=0x1d5b657, nFileSizeHigh=0x0, nFileSizeLow=0x3270, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="xbS3DWOYhBun-3NzAe.mp3", cAlternateFileName="XBS3DW~1.MP3")) returned 0 [0035.885] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0035.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.885] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0035.885] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.885] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed7f8 [0035.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.885] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25de1d80, ftCreationTime.dwHighDateTime=0x1d5b847, ftLastAccessTime.dwLowDateTime=0xad00f9f0, ftLastAccessTime.dwHighDateTime=0x1d5b657, ftLastWriteTime.dwLowDateTime=0xad00f9f0, ftLastWriteTime.dwHighDateTime=0x1d5b657, nFileSizeHigh=0x0, nFileSizeLow=0x3270, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="xbS3DWOYhBun-3NzAe.mp3", cAlternateFileName="")) returned 0xffffffff [0035.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.885] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0035.885] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6ed7f8 [0035.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.886] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25de1d80, ftCreationTime.dwHighDateTime=0x1d5b847, ftLastAccessTime.dwLowDateTime=0xad00f9f0, ftLastAccessTime.dwHighDateTime=0x1d5b657, ftLastWriteTime.dwLowDateTime=0xad00f9f0, ftLastWriteTime.dwHighDateTime=0x1d5b657, nFileSizeHigh=0x0, nFileSizeLow=0x3270, dwReserved0=0xa0000003, dwReserved1=0x2914fe20, cFileName="xbS3DWOYhBun-3NzAe.mp3", cAlternateFileName="")) returned 0xffffffff [0035.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.886] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c30f920, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2c30f920, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0035.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed7f8 [0035.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0035.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.886] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c16ca00, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0035.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed7f8 [0035.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0035.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.886] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0035.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed7f8 [0035.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0035.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.887] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0035.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6ed7f8 [0035.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0035.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.887] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0035.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e1f60 [0035.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0035.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.887] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0035.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e1f60 [0035.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0035.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.887] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0035.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed7f8 [0035.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0035.888] ReadFile (in: hFile=0x34, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14, lpNumberOfBytesRead=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f518*=0x14, lpOverlapped=0x0) returned 1 [0035.889] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.889] WriteFile (in: hFile=0x34, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f518*=0x14, lpOverlapped=0x0) returned 1 [0035.889] CloseHandle (hObject=0x34) returned 1 [0035.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.889] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.adv")) returned 1 [0035.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.890] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa030c8f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa030c8f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0035.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6ed7f8 [0035.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.890] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa030c8f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa030c8f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0035.891] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa030c8f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0xa030c8f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0035.891] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ebc4390, ftCreationTime.dwHighDateTime=0x1d5bdc1, ftLastAccessTime.dwLowDateTime=0x6239e100, ftLastAccessTime.dwHighDateTime=0x1d5b5eb, ftLastWriteTime.dwLowDateTime=0x6239e100, ftLastWriteTime.dwHighDateTime=0x1d5b5eb, nFileSizeHigh=0x0, nFileSizeLow=0xd90, dwReserved0=0x0, dwReserved1=0x0, cFileName="-S939v 4.gif", cAlternateFileName="-S939V~1.GIF")) returned 1 [0035.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0035.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-S939v 4.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-s939v 4.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.891] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd90, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xd90, lpOverlapped=0x0) returned 1 [0035.892] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.892] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd90, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xd90, lpOverlapped=0x0) returned 1 [0035.892] CloseHandle (hObject=0x38) returned 1 [0035.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.892] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-S939v 4.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-s939v 4.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-S939v 4.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-s939v 4.gif.adv")) returned 1 [0035.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0035.893] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5e386dc0, ftCreationTime.dwHighDateTime=0x1d5c5d5, ftLastAccessTime.dwLowDateTime=0x45ce7a50, ftLastAccessTime.dwHighDateTime=0x1d5bbfc, ftLastWriteTime.dwLowDateTime=0x45ce7a50, ftLastWriteTime.dwHighDateTime=0x1d5bbfc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3DMP", cAlternateFileName="")) returned 1 [0035.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0035.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.893] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5e386dc0, ftCreationTime.dwHighDateTime=0x1d5c5d5, ftLastAccessTime.dwLowDateTime=0x45ce7a50, ftLastAccessTime.dwHighDateTime=0x1d5bbfc, ftLastWriteTime.dwLowDateTime=0x45ce7a50, ftLastWriteTime.dwHighDateTime=0x1d5bbfc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.893] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5e386dc0, ftCreationTime.dwHighDateTime=0x1d5c5d5, ftLastAccessTime.dwLowDateTime=0x45ce7a50, ftLastAccessTime.dwHighDateTime=0x1d5bbfc, ftLastWriteTime.dwLowDateTime=0x45ce7a50, ftLastWriteTime.dwHighDateTime=0x1d5bbfc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2b, cFileName="..", cAlternateFileName="")) returned 1 [0035.893] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b6afb0, ftCreationTime.dwHighDateTime=0x1d5c48a, ftLastAccessTime.dwLowDateTime=0xa58be80, ftLastAccessTime.dwHighDateTime=0x1d5b9cd, ftLastWriteTime.dwLowDateTime=0xa58be80, ftLastWriteTime.dwHighDateTime=0x1d5b9cd, nFileSizeHigh=0x0, nFileSizeLow=0x144e7, dwReserved0=0x0, dwReserved1=0x2b, cFileName="--bAvzOf.gif", cAlternateFileName="")) returned 1 [0035.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1fc8 [0035.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\--bAvzOf.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\--bavzof.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.894] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x144e7, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x144e7, lpOverlapped=0x0) returned 1 [0035.895] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.895] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x144e7, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x144e7, lpOverlapped=0x0) returned 1 [0035.895] CloseHandle (hObject=0x3c) returned 1 [0035.895] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.895] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\--bAvzOf.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\--bavzof.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\--bAvzOf.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\--bavzof.gif.adv")) returned 1 [0035.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.896] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71205eb0, ftCreationTime.dwHighDateTime=0x1d5c48c, ftLastAccessTime.dwLowDateTime=0x592be5a0, ftLastAccessTime.dwHighDateTime=0x1d5bf22, ftLastWriteTime.dwLowDateTime=0x592be5a0, ftLastWriteTime.dwHighDateTime=0x1d5bf22, nFileSizeHigh=0x0, nFileSizeLow=0xe58c, dwReserved0=0x0, dwReserved1=0x2b, cFileName="HsS2RzLAONjWOkM.gif", cAlternateFileName="HSS2RZ~1.GIF")) returned 1 [0035.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1fc8 [0035.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\HsS2RzLAONjWOkM.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\hss2rzlaonjwokm.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.897] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe58c, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xe58c, lpOverlapped=0x0) returned 1 [0035.898] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.898] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe58c, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xe58c, lpOverlapped=0x0) returned 1 [0035.898] CloseHandle (hObject=0x3c) returned 1 [0035.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2060 [0035.898] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\HsS2RzLAONjWOkM.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\hss2rzlaonjwokm.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\HsS2RzLAONjWOkM.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\hss2rzlaonjwokm.gif.adv")) returned 1 [0035.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2060 | out: hHeap=0x6d0000) returned 1 [0035.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.899] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbeb04a0, ftCreationTime.dwHighDateTime=0x1d5c34c, ftLastAccessTime.dwLowDateTime=0xfccfb040, ftLastAccessTime.dwHighDateTime=0x1d5c21c, ftLastWriteTime.dwLowDateTime=0xfccfb040, ftLastWriteTime.dwHighDateTime=0x1d5c21c, nFileSizeHigh=0x0, nFileSizeLow=0x15232, dwReserved0=0x0, dwReserved1=0x2b, cFileName="kDDaFDVN.bmp", cAlternateFileName="")) returned 1 [0035.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1fc8 [0035.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\kDDaFDVN.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\kddafdvn.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.900] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15232, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x15232, lpOverlapped=0x0) returned 1 [0035.901] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.901] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15232, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x15232, lpOverlapped=0x0) returned 1 [0035.901] CloseHandle (hObject=0x3c) returned 1 [0035.901] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.901] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\kDDaFDVN.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\kddafdvn.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\kDDaFDVN.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\kddafdvn.bmp.adv")) returned 1 [0035.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.902] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x735dd9c0, ftCreationTime.dwHighDateTime=0x1d5bf35, ftLastAccessTime.dwLowDateTime=0x314b5d10, ftLastAccessTime.dwHighDateTime=0x1d5b64c, ftLastWriteTime.dwLowDateTime=0x314b5d10, ftLastWriteTime.dwHighDateTime=0x1d5b64c, nFileSizeHigh=0x0, nFileSizeLow=0x14153, dwReserved0=0x0, dwReserved1=0x2b, cFileName="oYAB8ul.jpg", cAlternateFileName="")) returned 1 [0035.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1fc8 [0035.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\oYAB8ul.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\oyab8ul.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.902] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14153, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x14153, lpOverlapped=0x0) returned 1 [0035.903] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.903] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14153, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x14153, lpOverlapped=0x0) returned 1 [0035.904] CloseHandle (hObject=0x3c) returned 1 [0035.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.904] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\oYAB8ul.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\oyab8ul.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\oYAB8ul.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\oyab8ul.jpg.adv")) returned 1 [0035.905] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.905] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.905] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1003f0, ftCreationTime.dwHighDateTime=0x1d5bb58, ftLastAccessTime.dwLowDateTime=0x7b54150, ftLastAccessTime.dwHighDateTime=0x1d5c227, ftLastWriteTime.dwLowDateTime=0x7b54150, ftLastWriteTime.dwHighDateTime=0x1d5c227, nFileSizeHigh=0x0, nFileSizeLow=0x478d, dwReserved0=0x0, dwReserved1=0x2b, cFileName="Qvxb5.jpg", cAlternateFileName="")) returned 1 [0035.905] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.905] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1fc8 [0035.905] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\Qvxb5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\qvxb5.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.905] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x478d, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x478d, lpOverlapped=0x0) returned 1 [0035.906] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.906] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x478d, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x478d, lpOverlapped=0x0) returned 1 [0035.906] CloseHandle (hObject=0x3c) returned 1 [0035.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.906] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\Qvxb5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\qvxb5.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\Qvxb5.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\qvxb5.jpg.adv")) returned 1 [0035.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.907] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79b41bd0, ftCreationTime.dwHighDateTime=0x1d5c049, ftLastAccessTime.dwLowDateTime=0xa0611c60, ftLastAccessTime.dwHighDateTime=0x1d5b987, ftLastWriteTime.dwLowDateTime=0xa0611c60, ftLastWriteTime.dwHighDateTime=0x1d5b987, nFileSizeHigh=0x0, nFileSizeLow=0x7810, dwReserved0=0x0, dwReserved1=0x2b, cFileName="U_SM.png", cAlternateFileName="")) returned 1 [0035.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1fc8 [0035.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\U_SM.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\u_sm.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.907] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7810, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x7810, lpOverlapped=0x0) returned 1 [0035.908] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.908] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7810, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x7810, lpOverlapped=0x0) returned 1 [0035.908] CloseHandle (hObject=0x3c) returned 1 [0035.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.909] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\U_SM.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\u_sm.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\U_SM.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\u_sm.png.adv")) returned 1 [0035.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.909] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f39b3b0, ftCreationTime.dwHighDateTime=0x1d5c3e4, ftLastAccessTime.dwLowDateTime=0x46ceacc0, ftLastAccessTime.dwHighDateTime=0x1d5babe, ftLastWriteTime.dwLowDateTime=0x46ceacc0, ftLastWriteTime.dwHighDateTime=0x1d5babe, nFileSizeHigh=0x0, nFileSizeLow=0x1833b, dwReserved0=0x0, dwReserved1=0x2b, cFileName="ZiWCOKh QeieXZNwpp.png", cAlternateFileName="ZIWCOK~1.PNG")) returned 1 [0035.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fc8 [0035.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\ZiWCOKh QeieXZNwpp.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\ziwcokh qeiexznwpp.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.910] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1833b, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1833b, lpOverlapped=0x0) returned 1 [0035.911] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.911] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1833b, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1833b, lpOverlapped=0x0) returned 1 [0035.911] CloseHandle (hObject=0x3c) returned 1 [0035.911] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2060 [0035.911] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\ZiWCOKh QeieXZNwpp.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\ziwcokh qeiexznwpp.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\ZiWCOKh QeieXZNwpp.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\ziwcokh qeiexznwpp.png.adv")) returned 1 [0035.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2060 | out: hHeap=0x6d0000) returned 1 [0035.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.912] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf026df40, ftCreationTime.dwHighDateTime=0x1d5bccb, ftLastAccessTime.dwLowDateTime=0x67583490, ftLastAccessTime.dwHighDateTime=0x1d5c57f, ftLastWriteTime.dwLowDateTime=0x67583490, ftLastWriteTime.dwHighDateTime=0x1d5c57f, nFileSizeHigh=0x0, nFileSizeLow=0x90bf, dwReserved0=0x0, dwReserved1=0x2b, cFileName="ZIXP9uruJPsgFyVCKgNh.jpg", cAlternateFileName="ZIXP9U~1.JPG")) returned 1 [0035.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.912] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fc8 [0035.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\ZIXP9uruJPsgFyVCKgNh.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\zixp9urujpsgfyvckgnh.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.913] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x90bf, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x90bf, lpOverlapped=0x0) returned 1 [0035.913] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.914] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x90bf, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x90bf, lpOverlapped=0x0) returned 1 [0035.914] CloseHandle (hObject=0x3c) returned 1 [0035.914] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2060 [0035.914] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\ZIXP9uruJPsgFyVCKgNh.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\zixp9urujpsgfyvckgnh.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3DMP\\ZIXP9uruJPsgFyVCKgNh.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3dmp\\zixp9urujpsgfyvckgnh.jpg.adv")) returned 1 [0035.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2060 | out: hHeap=0x6d0000) returned 1 [0035.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0035.915] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf026df40, ftCreationTime.dwHighDateTime=0x1d5bccb, ftLastAccessTime.dwLowDateTime=0x67583490, ftLastAccessTime.dwHighDateTime=0x1d5c57f, ftLastWriteTime.dwLowDateTime=0x67583490, ftLastWriteTime.dwHighDateTime=0x1d5c57f, nFileSizeHigh=0x0, nFileSizeLow=0x90bf, dwReserved0=0x0, dwReserved1=0x2b, cFileName="ZIXP9uruJPsgFyVCKgNh.jpg", cAlternateFileName="ZIXP9U~1.JPG")) returned 0 [0035.915] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0035.915] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfa526b0, ftCreationTime.dwHighDateTime=0x1d5b602, ftLastAccessTime.dwLowDateTime=0x3904770, ftLastAccessTime.dwHighDateTime=0x1d5bc8f, ftLastWriteTime.dwLowDateTime=0x3904770, ftLastWriteTime.dwHighDateTime=0x1d5bc8f, nFileSizeHigh=0x0, nFileSizeLow=0x3d23, dwReserved0=0x0, dwReserved1=0x0, cFileName="5neo tDchKTM.jpg", cAlternateFileName="5NEOTD~1.JPG")) returned 1 [0035.915] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.915] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0035.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5neo tDchKTM.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5neo tdchktm.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.915] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d23, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x3d23, lpOverlapped=0x0) returned 1 [0035.916] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.916] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d23, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x3d23, lpOverlapped=0x0) returned 1 [0035.916] CloseHandle (hObject=0x38) returned 1 [0035.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.919] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5neo tDchKTM.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5neo tdchktm.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5neo tDchKTM.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5neo tdchktm.jpg.adv")) returned 1 [0035.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0035.919] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x86232060, ftCreationTime.dwHighDateTime=0x1d5c4a3, ftLastAccessTime.dwLowDateTime=0xdaea2f70, ftLastAccessTime.dwHighDateTime=0x1d5be41, ftLastWriteTime.dwLowDateTime=0xdaea2f70, ftLastWriteTime.dwHighDateTime=0x1d5be41, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="d8GGA_dwTlP", cAlternateFileName="D8GGA_~1")) returned 1 [0035.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0035.920] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.920] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x86232060, ftCreationTime.dwHighDateTime=0x1d5c4a3, ftLastAccessTime.dwLowDateTime=0xdaea2f70, ftLastAccessTime.dwHighDateTime=0x1d5be41, ftLastWriteTime.dwLowDateTime=0xdaea2f70, ftLastWriteTime.dwHighDateTime=0x1d5be41, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2a, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0035.920] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x86232060, ftCreationTime.dwHighDateTime=0x1d5c4a3, ftLastAccessTime.dwLowDateTime=0xdaea2f70, ftLastAccessTime.dwHighDateTime=0x1d5be41, ftLastWriteTime.dwLowDateTime=0xdaea2f70, ftLastWriteTime.dwHighDateTime=0x1d5be41, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2a, cFileName="..", cAlternateFileName="")) returned 1 [0035.920] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x999bded0, ftCreationTime.dwHighDateTime=0x1d5bc37, ftLastAccessTime.dwLowDateTime=0x2b06b1d0, ftLastAccessTime.dwHighDateTime=0x1d5b957, ftLastWriteTime.dwLowDateTime=0x2b06b1d0, ftLastWriteTime.dwHighDateTime=0x1d5b957, nFileSizeHigh=0x0, nFileSizeLow=0x28a8, dwReserved0=0x0, dwReserved1=0x2a, cFileName="30HcJqLGENWr8Hb.bmp", cAlternateFileName="30HCJQ~1.BMP")) returned 1 [0035.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.920] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\30HcJqLGENWr8Hb.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\30hcjqlgenwr8hb.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.920] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28a8, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x28a8, lpOverlapped=0x0) returned 1 [0035.921] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.921] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28a8, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x28a8, lpOverlapped=0x0) returned 1 [0035.921] CloseHandle (hObject=0x3c) returned 1 [0035.921] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.921] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\30HcJqLGENWr8Hb.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\30hcjqlgenwr8hb.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\30HcJqLGENWr8Hb.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\30hcjqlgenwr8hb.bmp.adv")) returned 1 [0035.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.922] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x221c6430, ftCreationTime.dwHighDateTime=0x1d5ba00, ftLastAccessTime.dwLowDateTime=0x19573a00, ftLastAccessTime.dwHighDateTime=0x1d5bbd6, ftLastWriteTime.dwLowDateTime=0x19573a00, ftLastWriteTime.dwHighDateTime=0x1d5bbd6, nFileSizeHigh=0x0, nFileSizeLow=0xab37, dwReserved0=0x0, dwReserved1=0x2a, cFileName="6srsa ClBJFerJbU1H.gif", cAlternateFileName="6SRSAC~1.GIF")) returned 1 [0035.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\6srsa ClBJFerJbU1H.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\6srsa clbjferjbu1h.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.923] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xab37, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xab37, lpOverlapped=0x0) returned 1 [0035.923] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.923] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xab37, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xab37, lpOverlapped=0x0) returned 1 [0035.924] CloseHandle (hObject=0x3c) returned 1 [0035.924] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.924] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\6srsa ClBJFerJbU1H.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\6srsa clbjferjbu1h.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\6srsa ClBJFerJbU1H.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\6srsa clbjferjbu1h.gif.adv")) returned 1 [0035.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.925] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978f2190, ftCreationTime.dwHighDateTime=0x1d5c25b, ftLastAccessTime.dwLowDateTime=0x20d1da0, ftLastAccessTime.dwHighDateTime=0x1d5b65f, ftLastWriteTime.dwLowDateTime=0x20d1da0, ftLastWriteTime.dwHighDateTime=0x1d5b65f, nFileSizeHigh=0x0, nFileSizeLow=0xb6c5, dwReserved0=0x0, dwReserved1=0x2a, cFileName="agRvDiKFC4CH2bXKg-.bmp", cAlternateFileName="AGRVDI~1.BMP")) returned 1 [0035.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\agRvDiKFC4CH2bXKg-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\agrvdikfc4ch2bxkg-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.925] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb6c5, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xb6c5, lpOverlapped=0x0) returned 1 [0035.926] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.926] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb6c5, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xb6c5, lpOverlapped=0x0) returned 1 [0035.926] CloseHandle (hObject=0x3c) returned 1 [0035.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.926] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\agRvDiKFC4CH2bXKg-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\agrvdikfc4ch2bxkg-.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\agRvDiKFC4CH2bXKg-.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\agrvdikfc4ch2bxkg-.bmp.adv")) returned 1 [0035.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.927] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ec5bae0, ftCreationTime.dwHighDateTime=0x1d5c552, ftLastAccessTime.dwLowDateTime=0x3068df40, ftLastAccessTime.dwHighDateTime=0x1d5ba10, ftLastWriteTime.dwLowDateTime=0x3068df40, ftLastWriteTime.dwHighDateTime=0x1d5ba10, nFileSizeHigh=0x0, nFileSizeLow=0x15db, dwReserved0=0x0, dwReserved1=0x2a, cFileName="Eh8y idg0YEb.gif", cAlternateFileName="EH8YID~1.GIF")) returned 1 [0035.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Eh8y idg0YEb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\eh8y idg0yeb.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.928] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15db, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x15db, lpOverlapped=0x0) returned 1 [0035.928] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.928] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15db, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x15db, lpOverlapped=0x0) returned 1 [0035.928] CloseHandle (hObject=0x3c) returned 1 [0035.929] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0035.929] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Eh8y idg0YEb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\eh8y idg0yeb.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Eh8y idg0YEb.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\eh8y idg0yeb.gif.adv")) returned 1 [0035.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.930] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x94dec620, ftCreationTime.dwHighDateTime=0x1d5ba2d, ftLastAccessTime.dwLowDateTime=0xf7b2f750, ftLastAccessTime.dwHighDateTime=0x1d5b8ff, ftLastWriteTime.dwLowDateTime=0xf7b2f750, ftLastWriteTime.dwHighDateTime=0x1d5b8ff, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2a, cFileName="Euaeq", cAlternateFileName="")) returned 1 [0035.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.930] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x94dec620, ftCreationTime.dwHighDateTime=0x1d5ba2d, ftLastAccessTime.dwLowDateTime=0xf7b2f750, ftLastAccessTime.dwHighDateTime=0x1d5b8ff, ftLastWriteTime.dwLowDateTime=0xf7b2f750, ftLastWriteTime.dwHighDateTime=0x1d5b8ff, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x51, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0035.930] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x94dec620, ftCreationTime.dwHighDateTime=0x1d5ba2d, ftLastAccessTime.dwLowDateTime=0xf7b2f750, ftLastAccessTime.dwHighDateTime=0x1d5b8ff, ftLastWriteTime.dwLowDateTime=0xf7b2f750, ftLastWriteTime.dwHighDateTime=0x1d5b8ff, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x51, cFileName="..", cAlternateFileName="")) returned 1 [0035.930] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1468be0, ftCreationTime.dwHighDateTime=0x1d5c104, ftLastAccessTime.dwLowDateTime=0xd5c80370, ftLastAccessTime.dwHighDateTime=0x1d5b9b2, ftLastWriteTime.dwLowDateTime=0xd5c80370, ftLastWriteTime.dwHighDateTime=0x1d5b9b2, nFileSizeHigh=0x0, nFileSizeLow=0x138fd, dwReserved0=0x0, dwReserved1=0x51, cFileName="2Jnelzx7CDg4jg.png", cAlternateFileName="2JNELZ~1.PNG")) returned 1 [0035.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\2Jnelzx7CDg4jg.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\2jnelzx7cdg4jg.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.930] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x138fd, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x138fd, lpOverlapped=0x0) returned 1 [0035.932] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.932] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x138fd, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x138fd, lpOverlapped=0x0) returned 1 [0035.932] CloseHandle (hObject=0x40) returned 1 [0035.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f08b0 [0035.932] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\2Jnelzx7CDg4jg.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\2jnelzx7cdg4jg.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\2Jnelzx7CDg4jg.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\2jnelzx7cdg4jg.png.adv")) returned 1 [0035.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.933] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x874b9ea0, ftCreationTime.dwHighDateTime=0x1d5bcff, ftLastAccessTime.dwLowDateTime=0x8157e580, ftLastAccessTime.dwHighDateTime=0x1d5c1aa, ftLastWriteTime.dwLowDateTime=0x8157e580, ftLastWriteTime.dwHighDateTime=0x1d5c1aa, nFileSizeHigh=0x0, nFileSizeLow=0xf547, dwReserved0=0x0, dwReserved1=0x51, cFileName="3MIjAs.gif", cAlternateFileName="")) returned 1 [0035.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\3MIjAs.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\3mijas.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.933] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf547, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xf547, lpOverlapped=0x0) returned 1 [0035.934] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.934] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf547, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xf547, lpOverlapped=0x0) returned 1 [0035.935] CloseHandle (hObject=0x40) returned 1 [0035.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.935] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\3MIjAs.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\3mijas.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\3MIjAs.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\3mijas.gif.adv")) returned 1 [0035.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.936] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x420f6580, ftCreationTime.dwHighDateTime=0x1d5ba46, ftLastAccessTime.dwLowDateTime=0x31717e10, ftLastAccessTime.dwHighDateTime=0x1d5b6cd, ftLastWriteTime.dwLowDateTime=0x31717e10, ftLastWriteTime.dwHighDateTime=0x1d5b6cd, nFileSizeHigh=0x0, nFileSizeLow=0x9ad7, dwReserved0=0x0, dwReserved1=0x51, cFileName="B49PI.gif", cAlternateFileName="")) returned 1 [0035.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\B49PI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\b49pi.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.936] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9ad7, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x9ad7, lpOverlapped=0x0) returned 1 [0035.937] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.937] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9ad7, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x9ad7, lpOverlapped=0x0) returned 1 [0035.937] CloseHandle (hObject=0x40) returned 1 [0035.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.937] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\B49PI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\b49pi.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\B49PI.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\b49pi.gif.adv")) returned 1 [0035.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.938] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeb44100, ftCreationTime.dwHighDateTime=0x1d5bd35, ftLastAccessTime.dwLowDateTime=0x175ea880, ftLastAccessTime.dwHighDateTime=0x1d5c551, ftLastWriteTime.dwLowDateTime=0x175ea880, ftLastWriteTime.dwHighDateTime=0x1d5c551, nFileSizeHigh=0x0, nFileSizeLow=0x174d, dwReserved0=0x0, dwReserved1=0x51, cFileName="FVs5YwgIi bk-3i36r.gif", cAlternateFileName="FVS5YW~1.GIF")) returned 1 [0035.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\FVs5YwgIi bk-3i36r.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\fvs5ywgii bk-3i36r.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.939] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x174d, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x174d, lpOverlapped=0x0) returned 1 [0035.939] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.939] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x174d, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x174d, lpOverlapped=0x0) returned 1 [0035.939] CloseHandle (hObject=0x40) returned 1 [0035.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.940] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\FVs5YwgIi bk-3i36r.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\fvs5ywgii bk-3i36r.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\FVs5YwgIi bk-3i36r.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\fvs5ywgii bk-3i36r.gif.adv")) returned 1 [0035.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.940] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81bc6530, ftCreationTime.dwHighDateTime=0x1d5b9be, ftLastAccessTime.dwLowDateTime=0x77e7ab10, ftLastAccessTime.dwHighDateTime=0x1d5c10b, ftLastWriteTime.dwLowDateTime=0x77e7ab10, ftLastWriteTime.dwHighDateTime=0x1d5c10b, nFileSizeHigh=0x0, nFileSizeLow=0x12a0f, dwReserved0=0x0, dwReserved1=0x51, cFileName="hGrm.png", cAlternateFileName="")) returned 1 [0035.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\hGrm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hgrm.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.941] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12a0f, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x12a0f, lpOverlapped=0x0) returned 1 [0035.942] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.942] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12a0f, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x12a0f, lpOverlapped=0x0) returned 1 [0035.942] CloseHandle (hObject=0x40) returned 1 [0035.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.942] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\hGrm.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hgrm.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\hGrm.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hgrm.png.adv")) returned 1 [0035.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.943] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6125eb90, ftCreationTime.dwHighDateTime=0x1d5b741, ftLastAccessTime.dwLowDateTime=0xb4daa480, ftLastAccessTime.dwHighDateTime=0x1d5b767, ftLastWriteTime.dwLowDateTime=0xb4daa480, ftLastWriteTime.dwHighDateTime=0x1d5b767, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x51, cFileName="HW5Jo-7fn", cAlternateFileName="HW5JO-~1")) returned 1 [0035.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0035.943] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6125eb90, ftCreationTime.dwHighDateTime=0x1d5b741, ftLastAccessTime.dwLowDateTime=0xb4daa480, ftLastAccessTime.dwHighDateTime=0x1d5b767, ftLastWriteTime.dwLowDateTime=0xb4daa480, ftLastWriteTime.dwHighDateTime=0x1d5b767, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0035.944] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6125eb90, ftCreationTime.dwHighDateTime=0x1d5b741, ftLastAccessTime.dwLowDateTime=0xb4daa480, ftLastAccessTime.dwHighDateTime=0x1d5b767, ftLastWriteTime.dwLowDateTime=0xb4daa480, ftLastWriteTime.dwHighDateTime=0x1d5b767, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e, cFileName="..", cAlternateFileName="")) returned 1 [0035.944] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc49d550, ftCreationTime.dwHighDateTime=0x1d5c407, ftLastAccessTime.dwLowDateTime=0x8e48dd00, ftLastAccessTime.dwHighDateTime=0x1d5c0ae, ftLastWriteTime.dwLowDateTime=0x8e48dd00, ftLastWriteTime.dwHighDateTime=0x1d5c0ae, nFileSizeHigh=0x0, nFileSizeLow=0x13255, dwReserved0=0x0, dwReserved1=0x3e, cFileName="2nt9QLq.jpg", cAlternateFileName="")) returned 1 [0035.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0035.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0035.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\2nt9QLq.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\2nt9qlq.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.944] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13255, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x13255, lpOverlapped=0x0) returned 1 [0035.945] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.945] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13255, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x13255, lpOverlapped=0x0) returned 1 [0035.946] CloseHandle (hObject=0x44) returned 1 [0035.946] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0035.946] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\2nt9QLq.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\2nt9qlq.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\2nt9QLq.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\2nt9qlq.jpg.adv")) returned 1 [0035.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0035.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0035.947] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c038b50, ftCreationTime.dwHighDateTime=0x1d5b9fa, ftLastAccessTime.dwLowDateTime=0xfdc20030, ftLastAccessTime.dwHighDateTime=0x1d5bc21, ftLastWriteTime.dwLowDateTime=0xfdc20030, ftLastWriteTime.dwHighDateTime=0x1d5bc21, nFileSizeHigh=0x0, nFileSizeLow=0x5b36, dwReserved0=0x0, dwReserved1=0x3e, cFileName="HzOnMSApqoHr8e5X2J.png", cAlternateFileName="HZONMS~1.PNG")) returned 1 [0035.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0035.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0035.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\HzOnMSApqoHr8e5X2J.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\hzonmsapqohr8e5x2j.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.947] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5b36, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x5b36, lpOverlapped=0x0) returned 1 [0035.948] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.948] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5b36, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x5b36, lpOverlapped=0x0) returned 1 [0035.948] CloseHandle (hObject=0x44) returned 1 [0035.948] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0ac0 [0035.948] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\HzOnMSApqoHr8e5X2J.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\hzonmsapqohr8e5x2j.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\HzOnMSApqoHr8e5X2J.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\hzonmsapqohr8e5x2j.png.adv")) returned 1 [0035.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0035.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0035.949] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa354480, ftCreationTime.dwHighDateTime=0x1d5be4d, ftLastAccessTime.dwLowDateTime=0xcfdea300, ftLastAccessTime.dwHighDateTime=0x1d5bbca, ftLastWriteTime.dwLowDateTime=0xcfdea300, ftLastWriteTime.dwHighDateTime=0x1d5bbca, nFileSizeHigh=0x0, nFileSizeLow=0x70fa, dwReserved0=0x0, dwReserved1=0x3e, cFileName="OCbAyQD.bmp", cAlternateFileName="")) returned 1 [0035.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0035.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0035.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\OCbAyQD.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\ocbayqd.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.949] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x70fa, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x70fa, lpOverlapped=0x0) returned 1 [0035.950] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.950] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x70fa, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x70fa, lpOverlapped=0x0) returned 1 [0035.951] CloseHandle (hObject=0x44) returned 1 [0035.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0035.951] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\OCbAyQD.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\ocbayqd.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\OCbAyQD.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\ocbayqd.bmp.adv")) returned 1 [0035.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0035.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0035.952] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28e0c6c0, ftCreationTime.dwHighDateTime=0x1d5b966, ftLastAccessTime.dwLowDateTime=0x68cee460, ftLastAccessTime.dwHighDateTime=0x1d5bd8f, ftLastWriteTime.dwLowDateTime=0x68cee460, ftLastWriteTime.dwHighDateTime=0x1d5bd8f, nFileSizeHigh=0x0, nFileSizeLow=0x10be2, dwReserved0=0x0, dwReserved1=0x3e, cFileName="zyIiYGmZ.gif", cAlternateFileName="")) returned 1 [0035.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0035.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0035.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0035.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\zyIiYGmZ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\zyiiygmz.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0035.952] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10be2, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x10be2, lpOverlapped=0x0) returned 1 [0035.953] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.953] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10be2, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x10be2, lpOverlapped=0x0) returned 1 [0035.953] CloseHandle (hObject=0x44) returned 1 [0035.953] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0035.953] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\zyIiYGmZ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\zyiiygmz.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\HW5Jo-7fn\\zyIiYGmZ.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\hw5jo-7fn\\zyiiygmz.gif.adv")) returned 1 [0035.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0035.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0035.954] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28e0c6c0, ftCreationTime.dwHighDateTime=0x1d5b966, ftLastAccessTime.dwLowDateTime=0x68cee460, ftLastAccessTime.dwHighDateTime=0x1d5bd8f, ftLastWriteTime.dwLowDateTime=0x68cee460, ftLastWriteTime.dwHighDateTime=0x1d5bd8f, nFileSizeHigh=0x0, nFileSizeLow=0x10be2, dwReserved0=0x0, dwReserved1=0x3e, cFileName="zyIiYGmZ.gif", cAlternateFileName="")) returned 0 [0035.954] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0035.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.954] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85db2c90, ftCreationTime.dwHighDateTime=0x1d5c540, ftLastAccessTime.dwLowDateTime=0x217e8970, ftLastAccessTime.dwHighDateTime=0x1d5b782, ftLastWriteTime.dwLowDateTime=0x217e8970, ftLastWriteTime.dwHighDateTime=0x1d5b782, nFileSizeHigh=0x0, nFileSizeLow=0xab35, dwReserved0=0x0, dwReserved1=0x51, cFileName="kJinKDlK9N15UwFsJ.jpg", cAlternateFileName="KJINKD~1.JPG")) returned 1 [0035.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.955] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\kJinKDlK9N15UwFsJ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\kjinkdlk9n15uwfsj.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.955] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xab35, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0xab35, lpOverlapped=0x0) returned 1 [0035.956] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.956] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xab35, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0xab35, lpOverlapped=0x0) returned 1 [0035.956] CloseHandle (hObject=0x40) returned 1 [0035.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.956] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\kJinKDlK9N15UwFsJ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\kjinkdlk9n15uwfsj.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\kJinKDlK9N15UwFsJ.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\kjinkdlk9n15uwfsj.jpg.adv")) returned 1 [0035.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.957] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba97c800, ftCreationTime.dwHighDateTime=0x1d5bf17, ftLastAccessTime.dwLowDateTime=0xe9031cf0, ftLastAccessTime.dwHighDateTime=0x1d5c0fa, ftLastWriteTime.dwLowDateTime=0xe9031cf0, ftLastWriteTime.dwHighDateTime=0x1d5c0fa, nFileSizeHigh=0x0, nFileSizeLow=0x5578, dwReserved0=0x0, dwReserved1=0x51, cFileName="P2Np-aG.png", cAlternateFileName="")) returned 1 [0035.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\P2Np-aG.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\p2np-ag.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.957] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5578, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x5578, lpOverlapped=0x0) returned 1 [0035.958] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.958] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5578, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x5578, lpOverlapped=0x0) returned 1 [0035.959] CloseHandle (hObject=0x40) returned 1 [0035.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f08b0 [0035.959] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\P2Np-aG.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\p2np-ag.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\P2Np-aG.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\p2np-ag.png.adv")) returned 1 [0035.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.960] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e623960, ftCreationTime.dwHighDateTime=0x1d5b819, ftLastAccessTime.dwLowDateTime=0x7ad14570, ftLastAccessTime.dwHighDateTime=0x1d5bb84, ftLastWriteTime.dwLowDateTime=0x7ad14570, ftLastWriteTime.dwHighDateTime=0x1d5bb84, nFileSizeHigh=0x0, nFileSizeLow=0x7d3f, dwReserved0=0x0, dwReserved1=0x51, cFileName="Q9JdWmi0gL2wSo3Qo.gif", cAlternateFileName="Q9JDWM~1.GIF")) returned 1 [0035.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\Q9JdWmi0gL2wSo3Qo.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\q9jdwmi0gl2wso3qo.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.960] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7d3f, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x7d3f, lpOverlapped=0x0) returned 1 [0035.961] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.961] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7d3f, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x7d3f, lpOverlapped=0x0) returned 1 [0035.961] CloseHandle (hObject=0x40) returned 1 [0035.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.962] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\Q9JdWmi0gL2wSo3Qo.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\q9jdwmi0gl2wso3qo.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\Q9JdWmi0gL2wSo3Qo.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\q9jdwmi0gl2wso3qo.gif.adv")) returned 1 [0035.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.962] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76c7cc80, ftCreationTime.dwHighDateTime=0x1d5c587, ftLastAccessTime.dwLowDateTime=0xb8aa7030, ftLastAccessTime.dwHighDateTime=0x1d5b9e3, ftLastWriteTime.dwLowDateTime=0xb8aa7030, ftLastWriteTime.dwHighDateTime=0x1d5b9e3, nFileSizeHigh=0x0, nFileSizeLow=0x185d8, dwReserved0=0x0, dwReserved1=0x51, cFileName="qgBrCAsuggqeFLB6TP.jpg", cAlternateFileName="QGBRCA~1.JPG")) returned 1 [0035.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0035.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e2010 [0035.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0035.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\qgBrCAsuggqeFLB6TP.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\qgbrcasuggqeflb6tp.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0035.963] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x185d8, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x185d8, lpOverlapped=0x0) returned 1 [0035.964] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.964] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x185d8, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x185d8, lpOverlapped=0x0) returned 1 [0035.964] CloseHandle (hObject=0x40) returned 1 [0035.964] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0035.964] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\qgBrCAsuggqeFLB6TP.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\qgbrcasuggqeflb6tp.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Euaeq\\qgBrCAsuggqeFLB6TP.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\euaeq\\qgbrcasuggqeflb6tp.jpg.adv")) returned 1 [0035.965] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0035.965] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.965] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76c7cc80, ftCreationTime.dwHighDateTime=0x1d5c587, ftLastAccessTime.dwLowDateTime=0xb8aa7030, ftLastAccessTime.dwHighDateTime=0x1d5b9e3, ftLastWriteTime.dwLowDateTime=0xb8aa7030, ftLastWriteTime.dwHighDateTime=0x1d5b9e3, nFileSizeHigh=0x0, nFileSizeLow=0x185d8, dwReserved0=0x0, dwReserved1=0x51, cFileName="qgBrCAsuggqeFLB6TP.jpg", cAlternateFileName="QGBRCA~1.JPG")) returned 0 [0035.965] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0035.965] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.965] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.966] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99a9e7c0, ftCreationTime.dwHighDateTime=0x1d5bed8, ftLastAccessTime.dwLowDateTime=0x68447a60, ftLastAccessTime.dwHighDateTime=0x1d5c400, ftLastWriteTime.dwLowDateTime=0x68447a60, ftLastWriteTime.dwHighDateTime=0x1d5c400, nFileSizeHigh=0x0, nFileSizeLow=0x115df, dwReserved0=0x0, dwReserved1=0x2a, cFileName="Fvh7hhUByd-yvv0OF.gif", cAlternateFileName="FVH7HH~1.GIF")) returned 1 [0035.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Fvh7hhUByd-yvv0OF.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\fvh7hhubyd-yvv0of.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.966] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x115df, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x115df, lpOverlapped=0x0) returned 1 [0035.967] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.967] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x115df, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x115df, lpOverlapped=0x0) returned 1 [0035.967] CloseHandle (hObject=0x3c) returned 1 [0035.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.967] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Fvh7hhUByd-yvv0OF.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\fvh7hhubyd-yvv0of.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Fvh7hhUByd-yvv0OF.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\fvh7hhubyd-yvv0of.gif.adv")) returned 1 [0035.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.968] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x390cca90, ftCreationTime.dwHighDateTime=0x1d5bb13, ftLastAccessTime.dwLowDateTime=0xcd19a530, ftLastAccessTime.dwHighDateTime=0x1d5c452, ftLastWriteTime.dwLowDateTime=0xcd19a530, ftLastWriteTime.dwHighDateTime=0x1d5c452, nFileSizeHigh=0x0, nFileSizeLow=0xaffd, dwReserved0=0x0, dwReserved1=0x2a, cFileName="gqHP19JfjzkVUQkf.bmp", cAlternateFileName="GQHP19~1.BMP")) returned 1 [0035.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\gqHP19JfjzkVUQkf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\gqhp19jfjzkvuqkf.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.969] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xaffd, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xaffd, lpOverlapped=0x0) returned 1 [0035.969] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.970] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xaffd, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xaffd, lpOverlapped=0x0) returned 1 [0035.970] CloseHandle (hObject=0x3c) returned 1 [0035.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.970] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\gqHP19JfjzkVUQkf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\gqhp19jfjzkvuqkf.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\gqHP19JfjzkVUQkf.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\gqhp19jfjzkvuqkf.bmp.adv")) returned 1 [0035.971] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.971] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.971] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc45b4920, ftCreationTime.dwHighDateTime=0x1d5c093, ftLastAccessTime.dwLowDateTime=0x81fc7bd0, ftLastAccessTime.dwHighDateTime=0x1d5ba08, ftLastWriteTime.dwLowDateTime=0x81fc7bd0, ftLastWriteTime.dwHighDateTime=0x1d5ba08, nFileSizeHigh=0x0, nFileSizeLow=0x16230, dwReserved0=0x0, dwReserved1=0x2a, cFileName="l4it.gif", cAlternateFileName="")) returned 1 [0035.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.971] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\l4it.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\l4it.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.971] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16230, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x16230, lpOverlapped=0x0) returned 1 [0035.972] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.972] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16230, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x16230, lpOverlapped=0x0) returned 1 [0035.973] CloseHandle (hObject=0x3c) returned 1 [0035.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.973] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\l4it.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\l4it.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\l4it.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\l4it.gif.adv")) returned 1 [0035.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.974] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb24b38f0, ftCreationTime.dwHighDateTime=0x1d5bbfa, ftLastAccessTime.dwLowDateTime=0x4fccf3c0, ftLastAccessTime.dwHighDateTime=0x1d5c1b9, ftLastWriteTime.dwLowDateTime=0x4fccf3c0, ftLastWriteTime.dwHighDateTime=0x1d5c1b9, nFileSizeHigh=0x0, nFileSizeLow=0x4f92, dwReserved0=0x0, dwReserved1=0x2a, cFileName="LD_crI0RLfSELe7rlBc.jpg", cAlternateFileName="LD_CRI~1.JPG")) returned 1 [0035.974] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.974] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\LD_crI0RLfSELe7rlBc.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\ld_cri0rlfsele7rlbc.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.974] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f92, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x4f92, lpOverlapped=0x0) returned 1 [0035.975] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.975] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f92, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x4f92, lpOverlapped=0x0) returned 1 [0035.975] CloseHandle (hObject=0x3c) returned 1 [0035.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.975] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\LD_crI0RLfSELe7rlBc.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\ld_cri0rlfsele7rlbc.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\LD_crI0RLfSELe7rlBc.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\ld_cri0rlfsele7rlbc.jpg.adv")) returned 1 [0035.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.976] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0823800, ftCreationTime.dwHighDateTime=0x1d5b65d, ftLastAccessTime.dwLowDateTime=0x113babf0, ftLastAccessTime.dwHighDateTime=0x1d5c08e, ftLastWriteTime.dwLowDateTime=0x113babf0, ftLastWriteTime.dwHighDateTime=0x1d5c08e, nFileSizeHigh=0x0, nFileSizeLow=0xd261, dwReserved0=0x0, dwReserved1=0x2a, cFileName="rp07QOdjgN _T.gif", cAlternateFileName="RP07QO~1.GIF")) returned 1 [0035.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\rp07QOdjgN _T.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\rp07qodjgn _t.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.977] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd261, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xd261, lpOverlapped=0x0) returned 1 [0035.978] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.978] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd261, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xd261, lpOverlapped=0x0) returned 1 [0035.978] CloseHandle (hObject=0x3c) returned 1 [0035.978] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.978] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\rp07QOdjgN _T.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\rp07qodjgn _t.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\rp07QOdjgN _T.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\rp07qodjgn _t.gif.adv")) returned 1 [0035.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.979] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5472410, ftCreationTime.dwHighDateTime=0x1d5bf8d, ftLastAccessTime.dwLowDateTime=0xd0a099e0, ftLastAccessTime.dwHighDateTime=0x1d5b62c, ftLastWriteTime.dwLowDateTime=0xd0a099e0, ftLastWriteTime.dwHighDateTime=0x1d5b62c, nFileSizeHigh=0x0, nFileSizeLow=0x17885, dwReserved0=0x0, dwReserved1=0x2a, cFileName="tGYE5HpI4vvG2oU8cdC.bmp", cAlternateFileName="TGYE5H~1.BMP")) returned 1 [0035.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\tGYE5HpI4vvG2oU8cdC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\tgye5hpi4vvg2ou8cdc.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.980] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17885, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x17885, lpOverlapped=0x0) returned 1 [0035.981] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.981] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17885, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x17885, lpOverlapped=0x0) returned 1 [0035.981] CloseHandle (hObject=0x3c) returned 1 [0035.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.981] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\tGYE5HpI4vvG2oU8cdC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\tgye5hpi4vvg2ou8cdc.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\tGYE5HpI4vvG2oU8cdC.bmp.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\tgye5hpi4vvg2ou8cdc.bmp.adv")) returned 1 [0035.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.982] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x612b2740, ftCreationTime.dwHighDateTime=0x1d5b737, ftLastAccessTime.dwLowDateTime=0x2798e100, ftLastAccessTime.dwHighDateTime=0x1d5c107, ftLastWriteTime.dwLowDateTime=0x2798e100, ftLastWriteTime.dwHighDateTime=0x1d5c107, nFileSizeHigh=0x0, nFileSizeLow=0xa898, dwReserved0=0x0, dwReserved1=0x2a, cFileName="Vy9r10hGGJvSR.gif", cAlternateFileName="VY9R10~1.GIF")) returned 1 [0035.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Vy9r10hGGJvSR.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\vy9r10hggjvsr.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.983] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa898, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xa898, lpOverlapped=0x0) returned 1 [0035.983] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.983] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa898, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xa898, lpOverlapped=0x0) returned 1 [0035.984] CloseHandle (hObject=0x3c) returned 1 [0035.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.984] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Vy9r10hGGJvSR.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\vy9r10hggjvsr.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\Vy9r10hGGJvSR.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\vy9r10hggjvsr.gif.adv")) returned 1 [0035.985] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.985] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.985] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfd73570, ftCreationTime.dwHighDateTime=0x1d5b7be, ftLastAccessTime.dwLowDateTime=0x8d8f8770, ftLastAccessTime.dwHighDateTime=0x1d5b900, ftLastWriteTime.dwLowDateTime=0x8d8f8770, ftLastWriteTime.dwHighDateTime=0x1d5b900, nFileSizeHigh=0x0, nFileSizeLow=0x731f, dwReserved0=0x0, dwReserved1=0x2a, cFileName="xb-eLUM3SraP.png", cAlternateFileName="XB-ELU~1.PNG")) returned 1 [0035.985] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.985] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.985] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\xb-eLUM3SraP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\xb-elum3srap.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.985] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x731f, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x731f, lpOverlapped=0x0) returned 1 [0035.986] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.986] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x731f, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x731f, lpOverlapped=0x0) returned 1 [0035.986] CloseHandle (hObject=0x3c) returned 1 [0035.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0035.986] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\xb-eLUM3SraP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\xb-elum3srap.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\xb-eLUM3SraP.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\xb-elum3srap.png.adv")) returned 1 [0035.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.987] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cd15310, ftCreationTime.dwHighDateTime=0x1d5c4b7, ftLastAccessTime.dwLowDateTime=0x28a52310, ftLastAccessTime.dwHighDateTime=0x1d5c5f8, ftLastWriteTime.dwLowDateTime=0x28a52310, ftLastWriteTime.dwHighDateTime=0x1d5c5f8, nFileSizeHigh=0x0, nFileSizeLow=0x8050, dwReserved0=0x0, dwReserved1=0x2a, cFileName="_ayow2Clk6v58rx.gif", cAlternateFileName="_AYOW2~1.GIF")) returned 1 [0035.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0035.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0035.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0035.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\_ayow2Clk6v58rx.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\_ayow2clk6v58rx.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0035.987] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8050, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x8050, lpOverlapped=0x0) returned 1 [0035.988] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.988] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8050, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x8050, lpOverlapped=0x0) returned 1 [0035.988] CloseHandle (hObject=0x3c) returned 1 [0035.989] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0035.989] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\_ayow2Clk6v58rx.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\_ayow2clk6v58rx.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d8GGA_dwTlP\\_ayow2Clk6v58rx.gif.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d8gga_dwtlp\\_ayow2clk6v58rx.gif.adv")) returned 1 [0035.989] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0035.989] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.989] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cd15310, ftCreationTime.dwHighDateTime=0x1d5c4b7, ftLastAccessTime.dwLowDateTime=0x28a52310, ftLastAccessTime.dwHighDateTime=0x1d5c5f8, ftLastWriteTime.dwLowDateTime=0x28a52310, ftLastWriteTime.dwHighDateTime=0x1d5c5f8, nFileSizeHigh=0x0, nFileSizeLow=0x8050, dwReserved0=0x0, dwReserved1=0x2a, cFileName="_ayow2Clk6v58rx.gif", cAlternateFileName="_AYOW2~1.GIF")) returned 0 [0035.989] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0035.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0035.990] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0035.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.990] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0035.991] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.991] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0035.991] CloseHandle (hObject=0x38) returned 1 [0035.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.991] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini.adv")) returned 1 [0035.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0035.992] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5558e0, ftCreationTime.dwHighDateTime=0x1d5be1d, ftLastAccessTime.dwLowDateTime=0x94446af0, ftLastAccessTime.dwHighDateTime=0x1d5c27d, ftLastWriteTime.dwLowDateTime=0x94446af0, ftLastWriteTime.dwHighDateTime=0x1d5c27d, nFileSizeHigh=0x0, nFileSizeLow=0x6cc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="ThBOh8cv.png", cAlternateFileName="")) returned 1 [0035.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0035.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ThBOh8cv.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\thboh8cv.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.992] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6cc6, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x6cc6, lpOverlapped=0x0) returned 1 [0035.993] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.993] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6cc6, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x6cc6, lpOverlapped=0x0) returned 1 [0035.994] CloseHandle (hObject=0x38) returned 1 [0035.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0035.994] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ThBOh8cv.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\thboh8cv.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ThBOh8cv.png.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\thboh8cv.png.adv")) returned 1 [0035.995] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0035.995] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0035.995] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xded52240, ftCreationTime.dwHighDateTime=0x1d5c344, ftLastAccessTime.dwLowDateTime=0x34610fa0, ftLastAccessTime.dwHighDateTime=0x1d5b69b, ftLastWriteTime.dwLowDateTime=0x34610fa0, ftLastWriteTime.dwHighDateTime=0x1d5b69b, nFileSizeHigh=0x0, nFileSizeLow=0xe5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="YY-d8J1 vZOv.jpg", cAlternateFileName="YY-D8J~1.JPG")) returned 1 [0035.995] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.995] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0035.995] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YY-d8J1 vZOv.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yy-d8j1 vzov.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.995] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe5c8, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xe5c8, lpOverlapped=0x0) returned 1 [0035.996] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.996] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe5c8, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xe5c8, lpOverlapped=0x0) returned 1 [0035.996] CloseHandle (hObject=0x38) returned 1 [0035.996] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0035.996] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YY-d8J1 vZOv.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yy-d8j1 vzov.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YY-d8J1 vZOv.jpg.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yy-d8j1 vzov.jpg.adv")) returned 1 [0035.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0035.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0035.997] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xded52240, ftCreationTime.dwHighDateTime=0x1d5c344, ftLastAccessTime.dwLowDateTime=0x34610fa0, ftLastAccessTime.dwHighDateTime=0x1d5b69b, ftLastWriteTime.dwLowDateTime=0x34610fa0, ftLastWriteTime.dwHighDateTime=0x1d5b69b, nFileSizeHigh=0x0, nFileSizeLow=0xe5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="YY-d8J1 vZOv.jpg", cAlternateFileName="YY-D8J~1.JPG")) returned 0 [0035.997] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0035.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.997] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0035.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6ed7f8 [0035.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0035.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.997] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xded52240, ftCreationTime.dwHighDateTime=0x1d5c344, ftLastAccessTime.dwLowDateTime=0x34610fa0, ftLastAccessTime.dwHighDateTime=0x1d5b69b, ftLastWriteTime.dwLowDateTime=0x34610fa0, ftLastWriteTime.dwHighDateTime=0x1d5b69b, nFileSizeHigh=0x0, nFileSizeLow=0xe5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="YY-d8J1 vZOv.jpg", cAlternateFileName="")) returned 0xffffffff [0035.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0035.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.998] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Recent", cAlternateFileName="")) returned 1 [0035.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6ed7f8 [0035.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0035.998] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xded52240, ftCreationTime.dwHighDateTime=0x1d5c344, ftLastAccessTime.dwLowDateTime=0x34610fa0, ftLastAccessTime.dwHighDateTime=0x1d5b69b, ftLastWriteTime.dwLowDateTime=0x34610fa0, ftLastWriteTime.dwHighDateTime=0x1d5b69b, nFileSizeHigh=0x0, nFileSizeLow=0xe5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="YY-d8J1 vZOv.jpg", cAlternateFileName="")) returned 0xffffffff [0035.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0035.998] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0035.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0035.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed7f8 [0035.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0035.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0035.998] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0035.998] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0035.998] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0035.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0035.998] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1fc8 [0035.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0035.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0035.999] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0035.999] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0035.999] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0035.999] CloseHandle (hObject=0x38) returned 1 [0036.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.000] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini.adv")) returned 1 [0036.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.000] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0036.001] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0036.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0036.001] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Searches", cAlternateFileName="")) returned 1 [0036.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0036.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6ed7f8 [0036.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0036.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.001] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0036.001] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0036.001] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0036.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0036.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0036.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0036.001] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x20c, lpOverlapped=0x0) returned 1 [0036.002] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.002] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x20c, lpOverlapped=0x0) returned 1 [0036.002] CloseHandle (hObject=0x38) returned 1 [0036.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0036.002] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini.adv")) returned 1 [0036.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0036.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0036.003] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0036.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0036.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.004] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0036.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0036.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f60 [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.004] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0036.004] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0036.004] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0036.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0036.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6ed7f8 [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0036.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="")) returned 0xffffffff [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0036.004] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0036.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0036.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed7f8 [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e6780 [0036.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="")) returned 0xffffffff [0036.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0036.005] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0036.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0036.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6ed7f8 [0036.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e6780 [0036.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.005] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="")) returned 0xffffffff [0036.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.005] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9ff2e530, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9ff2e530, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Videos", cAlternateFileName="")) returned 1 [0036.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e6780 [0036.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6ed7f8 [0036.005] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9ff2e530, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9ff2e530, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0036.005] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9ff2e530, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9ff2e530, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0036.005] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a88ff90, ftCreationTime.dwHighDateTime=0x1d5bd37, ftLastAccessTime.dwLowDateTime=0x96364010, ftLastAccessTime.dwHighDateTime=0x1d5b98e, ftLastWriteTime.dwLowDateTime=0x96364010, ftLastWriteTime.dwHighDateTime=0x1d5b98e, nFileSizeHigh=0x0, nFileSizeLow=0x599b, dwReserved0=0x0, dwReserved1=0x0, cFileName="-xWPabMpma8CM094_.flv", cAlternateFileName="-XWPAB~1.FLV")) returned 1 [0036.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\-xWPabMpma8CM094_.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\-xwpabmpma8cm094_.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0036.005] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x599b, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x599b, lpOverlapped=0x0) returned 1 [0036.006] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.006] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x599b, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x599b, lpOverlapped=0x0) returned 1 [0036.006] CloseHandle (hObject=0x38) returned 1 [0036.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0036.007] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\-xWPabMpma8CM094_.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\-xwpabmpma8cm094_.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\-xWPabMpma8CM094_.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\-xwpabmpma8cm094_.flv.adv")) returned 1 [0036.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0036.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.007] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42102190, ftCreationTime.dwHighDateTime=0x1d5bda3, ftLastAccessTime.dwLowDateTime=0xea2c11b0, ftLastAccessTime.dwHighDateTime=0x1d5bf3b, ftLastWriteTime.dwLowDateTime=0xea2c11b0, ftLastWriteTime.dwHighDateTime=0x1d5bf3b, nFileSizeHigh=0x0, nFileSizeLow=0xcc67, dwReserved0=0x0, dwReserved1=0x0, cFileName="2mA0aR Qi.mp4", cAlternateFileName="2MA0AR~1.MP4")) returned 1 [0036.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.008] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\2mA0aR Qi.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\2ma0ar qi.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0036.008] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcc67, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xcc67, lpOverlapped=0x0) returned 1 [0036.009] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.009] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcc67, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xcc67, lpOverlapped=0x0) returned 1 [0036.009] CloseHandle (hObject=0x38) returned 1 [0036.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0036.009] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\2mA0aR Qi.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\2ma0ar qi.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\2mA0aR Qi.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\2ma0ar qi.mp4.adv")) returned 1 [0036.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0036.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.010] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a6db4d0, ftCreationTime.dwHighDateTime=0x1d5bf6c, ftLastAccessTime.dwLowDateTime=0xa7cd7bc0, ftLastAccessTime.dwHighDateTime=0x1d5c061, ftLastWriteTime.dwLowDateTime=0xa7cd7bc0, ftLastWriteTime.dwHighDateTime=0x1d5c061, nFileSizeHigh=0x0, nFileSizeLow=0x6db9, dwReserved0=0x0, dwReserved1=0x0, cFileName="AthWyRC9H.mkv", cAlternateFileName="ATHWYR~1.MKV")) returned 1 [0036.010] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.010] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AthWyRC9H.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\athwyrc9h.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0036.010] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6db9, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x6db9, lpOverlapped=0x0) returned 1 [0036.011] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.011] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6db9, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x6db9, lpOverlapped=0x0) returned 1 [0036.011] CloseHandle (hObject=0x38) returned 1 [0036.011] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0036.011] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AthWyRC9H.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\athwyrc9h.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AthWyRC9H.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\athwyrc9h.mkv.adv")) returned 1 [0036.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0036.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.012] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0036.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0036.013] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0036.013] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.013] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0036.014] CloseHandle (hObject=0x38) returned 1 [0036.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0036.014] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini.adv")) returned 1 [0036.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0036.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.015] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5ff7ba20, ftCreationTime.dwHighDateTime=0x1d5c54a, ftLastAccessTime.dwLowDateTime=0xb5a43270, ftLastAccessTime.dwHighDateTime=0x1d5b7dd, ftLastWriteTime.dwLowDateTime=0xb5a43270, ftLastWriteTime.dwHighDateTime=0x1d5b7dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FYIux_9TwjN25", cAlternateFileName="FYIUX_~1")) returned 1 [0036.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0036.015] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5ff7ba20, ftCreationTime.dwHighDateTime=0x1d5c54a, ftLastAccessTime.dwLowDateTime=0xb5a43270, ftLastAccessTime.dwHighDateTime=0x1d5b7dd, ftLastWriteTime.dwLowDateTime=0xb5a43270, ftLastWriteTime.dwHighDateTime=0x1d5b7dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0036.015] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5ff7ba20, ftCreationTime.dwHighDateTime=0x1d5c54a, ftLastAccessTime.dwLowDateTime=0xb5a43270, ftLastAccessTime.dwHighDateTime=0x1d5b7dd, ftLastWriteTime.dwLowDateTime=0xb5a43270, ftLastWriteTime.dwHighDateTime=0x1d5b7dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0036.015] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2703d20, ftCreationTime.dwHighDateTime=0x1d5c3fd, ftLastAccessTime.dwLowDateTime=0x97df2060, ftLastAccessTime.dwHighDateTime=0x1d5b765, ftLastWriteTime.dwLowDateTime=0x97df2060, ftLastWriteTime.dwHighDateTime=0x1d5b765, nFileSizeHigh=0x0, nFileSizeLow=0xd8af, dwReserved0=0x0, dwReserved1=0x0, cFileName="09wPjl3BbvYF1aRz.avi", cAlternateFileName="09WPJL~1.AVI")) returned 1 [0036.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\09wPjl3BbvYF1aRz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\09wpjl3bbvyf1arz.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.015] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd8af, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xd8af, lpOverlapped=0x0) returned 1 [0036.016] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.016] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd8af, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xd8af, lpOverlapped=0x0) returned 1 [0036.016] CloseHandle (hObject=0x3c) returned 1 [0036.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0036.017] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\09wPjl3BbvYF1aRz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\09wpjl3bbvyf1arz.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\09wPjl3BbvYF1aRz.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\09wpjl3bbvyf1arz.avi.adv")) returned 1 [0036.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.019] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cb91080, ftCreationTime.dwHighDateTime=0x1d5c54f, ftLastAccessTime.dwLowDateTime=0xc0abfb80, ftLastAccessTime.dwHighDateTime=0x1d5b9ea, ftLastWriteTime.dwLowDateTime=0xc0abfb80, ftLastWriteTime.dwHighDateTime=0x1d5b9ea, nFileSizeHigh=0x0, nFileSizeLow=0xa401, dwReserved0=0x0, dwReserved1=0x0, cFileName="1aUFUu03SX7T.flv", cAlternateFileName="1AUFUU~1.FLV")) returned 1 [0036.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\1aUFUu03SX7T.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\1aufuu03sx7t.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.020] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa401, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xa401, lpOverlapped=0x0) returned 1 [0036.021] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.021] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa401, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xa401, lpOverlapped=0x0) returned 1 [0036.021] CloseHandle (hObject=0x3c) returned 1 [0036.021] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.021] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\1aUFUu03SX7T.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\1aufuu03sx7t.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\1aUFUu03SX7T.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\1aufuu03sx7t.flv.adv")) returned 1 [0036.022] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.022] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.022] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea4b6950, ftCreationTime.dwHighDateTime=0x1d5c5b9, ftLastAccessTime.dwLowDateTime=0x8606a3e0, ftLastAccessTime.dwHighDateTime=0x1d5c1d3, ftLastWriteTime.dwLowDateTime=0x8606a3e0, ftLastWriteTime.dwHighDateTime=0x1d5c1d3, nFileSizeHigh=0x0, nFileSizeLow=0x121d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="4thjDZ92xSB1Q.flv", cAlternateFileName="4THJDZ~1.FLV")) returned 1 [0036.022] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.022] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.022] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\4thjDZ92xSB1Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\4thjdz92xsb1q.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.022] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x121d6, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x121d6, lpOverlapped=0x0) returned 1 [0036.024] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.024] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x121d6, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x121d6, lpOverlapped=0x0) returned 1 [0036.024] CloseHandle (hObject=0x3c) returned 1 [0036.024] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0036.024] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\4thjDZ92xSB1Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\4thjdz92xsb1q.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\4thjDZ92xSB1Q.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\4thjdz92xsb1q.flv.adv")) returned 1 [0036.025] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.025] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.025] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a3d4090, ftCreationTime.dwHighDateTime=0x1d5c5fd, ftLastAccessTime.dwLowDateTime=0xd28893f0, ftLastAccessTime.dwHighDateTime=0x1d5b8c2, ftLastWriteTime.dwLowDateTime=0xd28893f0, ftLastWriteTime.dwHighDateTime=0x1d5b8c2, nFileSizeHigh=0x0, nFileSizeLow=0x1723a, dwReserved0=0x0, dwReserved1=0x0, cFileName="auIPqAM.mkv", cAlternateFileName="")) returned 1 [0036.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.025] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\auIPqAM.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\auipqam.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.025] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1723a, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1723a, lpOverlapped=0x0) returned 1 [0036.026] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.027] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1723a, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1723a, lpOverlapped=0x0) returned 1 [0036.027] CloseHandle (hObject=0x3c) returned 1 [0036.027] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.027] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\auIPqAM.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\auipqam.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\auIPqAM.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\auipqam.mkv.adv")) returned 1 [0036.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.028] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c3acc80, ftCreationTime.dwHighDateTime=0x1d5ba64, ftLastAccessTime.dwLowDateTime=0xfc223a00, ftLastAccessTime.dwHighDateTime=0x1d5c19f, ftLastWriteTime.dwLowDateTime=0xfc223a00, ftLastWriteTime.dwHighDateTime=0x1d5c19f, nFileSizeHigh=0x0, nFileSizeLow=0x12b83, dwReserved0=0x0, dwReserved1=0x0, cFileName="crDXzNcZVF 7.flv", cAlternateFileName="CRDXZN~1.FLV")) returned 1 [0036.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\crDXzNcZVF 7.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\crdxznczvf 7.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.028] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12b83, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x12b83, lpOverlapped=0x0) returned 1 [0036.029] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.029] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12b83, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x12b83, lpOverlapped=0x0) returned 1 [0036.029] CloseHandle (hObject=0x3c) returned 1 [0036.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.030] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\crDXzNcZVF 7.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\crdxznczvf 7.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\crDXzNcZVF 7.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\crdxznczvf 7.flv.adv")) returned 1 [0036.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.031] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8257000, ftCreationTime.dwHighDateTime=0x1d5bacc, ftLastAccessTime.dwLowDateTime=0x2c704a10, ftLastAccessTime.dwHighDateTime=0x1d5c201, ftLastWriteTime.dwLowDateTime=0x2c704a10, ftLastWriteTime.dwHighDateTime=0x1d5c201, nFileSizeHigh=0x0, nFileSizeLow=0x141d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="cuWwcipJDC.flv", cAlternateFileName="CUWWCI~1.FLV")) returned 1 [0036.031] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.031] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.031] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\cuWwcipJDC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\cuwwcipjdc.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.031] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x141d2, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x141d2, lpOverlapped=0x0) returned 1 [0036.032] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.032] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x141d2, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x141d2, lpOverlapped=0x0) returned 1 [0036.032] CloseHandle (hObject=0x3c) returned 1 [0036.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.033] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\cuWwcipJDC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\cuwwcipjdc.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\cuWwcipJDC.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\cuwwcipjdc.flv.adv")) returned 1 [0036.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.033] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc293b380, ftCreationTime.dwHighDateTime=0x1d5bb38, ftLastAccessTime.dwLowDateTime=0xd38d3b10, ftLastAccessTime.dwHighDateTime=0x1d5bb25, ftLastWriteTime.dwLowDateTime=0xd38d3b10, ftLastWriteTime.dwHighDateTime=0x1d5bb25, nFileSizeHigh=0x0, nFileSizeLow=0x1742d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eiCJ7mb 90mMKU2r3.avi", cAlternateFileName="EICJ7M~1.AVI")) returned 1 [0036.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.034] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\eiCJ7mb 90mMKU2r3.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\eicj7mb 90mmku2r3.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.034] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1742d, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1742d, lpOverlapped=0x0) returned 1 [0036.035] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.035] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1742d, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1742d, lpOverlapped=0x0) returned 1 [0036.035] CloseHandle (hObject=0x3c) returned 1 [0036.035] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0036.035] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\eiCJ7mb 90mMKU2r3.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\eicj7mb 90mmku2r3.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\eiCJ7mb 90mMKU2r3.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\eicj7mb 90mmku2r3.avi.adv")) returned 1 [0036.038] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.038] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.038] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ef25c80, ftCreationTime.dwHighDateTime=0x1d5b69a, ftLastAccessTime.dwLowDateTime=0xedfe55b0, ftLastAccessTime.dwHighDateTime=0x1d5c278, ftLastWriteTime.dwLowDateTime=0xedfe55b0, ftLastWriteTime.dwHighDateTime=0x1d5c278, nFileSizeHigh=0x0, nFileSizeLow=0x11a17, dwReserved0=0x0, dwReserved1=0x0, cFileName="G7YJ5tdrbeD5b1z.avi", cAlternateFileName="G7YJ5T~1.AVI")) returned 1 [0036.038] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.038] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.038] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\G7YJ5tdrbeD5b1z.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\g7yj5tdrbed5b1z.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.039] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11a17, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x11a17, lpOverlapped=0x0) returned 1 [0036.040] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.040] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11a17, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x11a17, lpOverlapped=0x0) returned 1 [0036.040] CloseHandle (hObject=0x3c) returned 1 [0036.040] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0036.040] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\G7YJ5tdrbeD5b1z.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\g7yj5tdrbed5b1z.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\G7YJ5tdrbeD5b1z.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\g7yj5tdrbed5b1z.avi.adv")) returned 1 [0036.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.041] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0cb2a60, ftCreationTime.dwHighDateTime=0x1d5c44b, ftLastAccessTime.dwLowDateTime=0x1d266e50, ftLastAccessTime.dwHighDateTime=0x1d5bfa3, ftLastWriteTime.dwLowDateTime=0x1d266e50, ftLastWriteTime.dwHighDateTime=0x1d5bfa3, nFileSizeHigh=0x0, nFileSizeLow=0x7629, dwReserved0=0x0, dwReserved1=0x0, cFileName="j8vm_EMAn kKNoqFCe.flv", cAlternateFileName="J8VM_E~1.FLV")) returned 1 [0036.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.041] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.041] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\j8vm_EMAn kKNoqFCe.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\j8vm_eman kknoqfce.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.042] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7629, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x7629, lpOverlapped=0x0) returned 1 [0036.042] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.042] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7629, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x7629, lpOverlapped=0x0) returned 1 [0036.043] CloseHandle (hObject=0x3c) returned 1 [0036.043] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0036.043] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\j8vm_EMAn kKNoqFCe.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\j8vm_eman kknoqfce.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\j8vm_EMAn kKNoqFCe.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\j8vm_eman kknoqfce.flv.adv")) returned 1 [0036.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.044] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e01c0, ftCreationTime.dwHighDateTime=0x1d5c240, ftLastAccessTime.dwLowDateTime=0x73af3410, ftLastAccessTime.dwHighDateTime=0x1d5ba11, ftLastWriteTime.dwLowDateTime=0x73af3410, ftLastWriteTime.dwHighDateTime=0x1d5ba11, nFileSizeHigh=0x0, nFileSizeLow=0xe846, dwReserved0=0x0, dwReserved1=0x0, cFileName="l4Vh0YWCZgvjTkB Nc.mp4", cAlternateFileName="L4VH0Y~1.MP4")) returned 1 [0036.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\l4Vh0YWCZgvjTkB Nc.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\l4vh0ywczgvjtkb nc.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.044] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe846, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xe846, lpOverlapped=0x0) returned 1 [0036.045] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.045] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe846, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xe846, lpOverlapped=0x0) returned 1 [0036.046] CloseHandle (hObject=0x3c) returned 1 [0036.046] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\l4Vh0YWCZgvjTkB Nc.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\l4vh0ywczgvjtkb nc.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\l4Vh0YWCZgvjTkB Nc.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\l4vh0ywczgvjtkb nc.mp4.adv")) returned 1 [0036.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.047] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84e8fd0, ftCreationTime.dwHighDateTime=0x1d5b70a, ftLastAccessTime.dwLowDateTime=0x5ef53180, ftLastAccessTime.dwHighDateTime=0x1d5b694, ftLastWriteTime.dwLowDateTime=0x5ef53180, ftLastWriteTime.dwHighDateTime=0x1d5b694, nFileSizeHigh=0x0, nFileSizeLow=0x24e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="O4z9sNlWo6G0D-6dyRam.mp4", cAlternateFileName="O4Z9SN~1.MP4")) returned 1 [0036.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\O4z9sNlWo6G0D-6dyRam.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\o4z9snlwo6g0d-6dyram.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.047] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24e6, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x24e6, lpOverlapped=0x0) returned 1 [0036.048] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.048] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24e6, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x24e6, lpOverlapped=0x0) returned 1 [0036.048] CloseHandle (hObject=0x3c) returned 1 [0036.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0036.048] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\O4z9sNlWo6G0D-6dyRam.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\o4z9snlwo6g0d-6dyram.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\O4z9sNlWo6G0D-6dyRam.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\o4z9snlwo6g0d-6dyram.mp4.adv")) returned 1 [0036.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.049] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabd2150, ftCreationTime.dwHighDateTime=0x1d5bb5c, ftLastAccessTime.dwLowDateTime=0xa70d9d80, ftLastAccessTime.dwHighDateTime=0x1d5b866, ftLastWriteTime.dwLowDateTime=0xa70d9d80, ftLastWriteTime.dwHighDateTime=0x1d5b866, nFileSizeHigh=0x0, nFileSizeLow=0xb267, dwReserved0=0x0, dwReserved1=0x0, cFileName="xIrAJ.mkv", cAlternateFileName="")) returned 1 [0036.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\xIrAJ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\xiraj.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.049] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb267, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xb267, lpOverlapped=0x0) returned 1 [0036.050] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.050] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb267, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xb267, lpOverlapped=0x0) returned 1 [0036.051] CloseHandle (hObject=0x3c) returned 1 [0036.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.051] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\xIrAJ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\xiraj.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\xIrAJ.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\xiraj.mkv.adv")) returned 1 [0036.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.052] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b8f68a0, ftCreationTime.dwHighDateTime=0x1d5b7b6, ftLastAccessTime.dwLowDateTime=0xcf18ef60, ftLastAccessTime.dwHighDateTime=0x1d5c549, ftLastWriteTime.dwLowDateTime=0xcf18ef60, ftLastWriteTime.dwHighDateTime=0x1d5c549, nFileSizeHigh=0x0, nFileSizeLow=0x4139, dwReserved0=0x0, dwReserved1=0x0, cFileName="YAZpdDU6WnMbLvW.flv", cAlternateFileName="YAZPDD~1.FLV")) returned 1 [0036.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.052] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\YAZpdDU6WnMbLvW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\yazpddu6wnmblvw.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.052] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4139, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x4139, lpOverlapped=0x0) returned 1 [0036.053] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.053] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4139, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x4139, lpOverlapped=0x0) returned 1 [0036.053] CloseHandle (hObject=0x3c) returned 1 [0036.053] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0036.053] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\YAZpdDU6WnMbLvW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\yazpddu6wnmblvw.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\FYIux_9TwjN25\\YAZpdDU6WnMbLvW.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fyiux_9twjn25\\yazpddu6wnmblvw.flv.adv")) returned 1 [0036.054] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.054] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.054] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b8f68a0, ftCreationTime.dwHighDateTime=0x1d5b7b6, ftLastAccessTime.dwLowDateTime=0xcf18ef60, ftLastAccessTime.dwHighDateTime=0x1d5c549, ftLastWriteTime.dwLowDateTime=0xcf18ef60, ftLastWriteTime.dwHighDateTime=0x1d5c549, nFileSizeHigh=0x0, nFileSizeLow=0x4139, dwReserved0=0x0, dwReserved1=0x0, cFileName="YAZpdDU6WnMbLvW.flv", cAlternateFileName="YAZPDD~1.FLV")) returned 0 [0036.054] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0036.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0036.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.055] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59c10170, ftCreationTime.dwHighDateTime=0x1d5b5a5, ftLastAccessTime.dwLowDateTime=0xa71d1500, ftLastAccessTime.dwHighDateTime=0x1d5bf44, ftLastWriteTime.dwLowDateTime=0xa71d1500, ftLastWriteTime.dwHighDateTime=0x1d5bf44, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GIIea", cAlternateFileName="")) returned 1 [0036.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f60 [0036.055] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59c10170, ftCreationTime.dwHighDateTime=0x1d5b5a5, ftLastAccessTime.dwLowDateTime=0xa71d1500, ftLastAccessTime.dwHighDateTime=0x1d5bf44, ftLastWriteTime.dwLowDateTime=0xa71d1500, ftLastWriteTime.dwHighDateTime=0x1d5bf44, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0036.055] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59c10170, ftCreationTime.dwHighDateTime=0x1d5b5a5, ftLastAccessTime.dwLowDateTime=0xa71d1500, ftLastAccessTime.dwHighDateTime=0x1d5bf44, ftLastWriteTime.dwLowDateTime=0xa71d1500, ftLastWriteTime.dwHighDateTime=0x1d5bf44, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0036.055] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6c88790, ftCreationTime.dwHighDateTime=0x1d5bfc7, ftLastAccessTime.dwLowDateTime=0xa8aced10, ftLastAccessTime.dwHighDateTime=0x1d5bd31, ftLastWriteTime.dwLowDateTime=0xa8aced10, ftLastWriteTime.dwHighDateTime=0x1d5bd31, nFileSizeHigh=0x0, nFileSizeLow=0x1837b, dwReserved0=0x0, dwReserved1=0x0, cFileName="DxPg IqEa145XvLvaB0R.mp4", cAlternateFileName="DXPGIQ~1.MP4")) returned 1 [0036.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fc8 [0036.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2030 [0036.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\DxPg IqEa145XvLvaB0R.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\dxpg iqea145xvlvab0r.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.055] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1837b, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1837b, lpOverlapped=0x0) returned 1 [0036.057] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.057] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1837b, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1837b, lpOverlapped=0x0) returned 1 [0036.057] CloseHandle (hObject=0x3c) returned 1 [0036.057] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0036.057] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\DxPg IqEa145XvLvaB0R.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\dxpg iqea145xvlvab0r.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\DxPg IqEa145XvLvaB0R.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\dxpg iqea145xvlvab0r.mp4.adv")) returned 1 [0036.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0036.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2030 | out: hHeap=0x6d0000) returned 1 [0036.058] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15e64f10, ftCreationTime.dwHighDateTime=0x1d5b8c9, ftLastAccessTime.dwLowDateTime=0x8d6a0f90, ftLastAccessTime.dwHighDateTime=0x1d5c0cb, ftLastWriteTime.dwLowDateTime=0x8d6a0f90, ftLastWriteTime.dwHighDateTime=0x1d5c0cb, nFileSizeHigh=0x0, nFileSizeLow=0x8884, dwReserved0=0x0, dwReserved1=0x0, cFileName="EbH015QEPzwk0mPpgyu.mkv", cAlternateFileName="EBH015~1.MKV")) returned 1 [0036.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fc8 [0036.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2030 [0036.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\EbH015QEPzwk0mPpgyu.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\ebh015qepzwk0mppgyu.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.058] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8884, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x8884, lpOverlapped=0x0) returned 1 [0036.059] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.059] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8884, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x8884, lpOverlapped=0x0) returned 1 [0036.059] CloseHandle (hObject=0x3c) returned 1 [0036.060] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0036.060] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\EbH015QEPzwk0mPpgyu.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\ebh015qepzwk0mppgyu.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\EbH015QEPzwk0mPpgyu.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\ebh015qepzwk0mppgyu.mkv.adv")) returned 1 [0036.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0036.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2030 | out: hHeap=0x6d0000) returned 1 [0036.061] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddeb6ba0, ftCreationTime.dwHighDateTime=0x1d5c39e, ftLastAccessTime.dwLowDateTime=0x980fc10, ftLastAccessTime.dwHighDateTime=0x1d5bd02, ftLastWriteTime.dwLowDateTime=0x980fc10, ftLastWriteTime.dwHighDateTime=0x1d5bd02, nFileSizeHigh=0x0, nFileSizeLow=0xdfa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="fqbONWw-SVpgdTx7.avi", cAlternateFileName="FQBONW~1.AVI")) returned 1 [0036.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fc8 [0036.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2030 [0036.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\fqbONWw-SVpgdTx7.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\fqbonww-svpgdtx7.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.061] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdfa6, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xdfa6, lpOverlapped=0x0) returned 1 [0036.062] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.062] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdfa6, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xdfa6, lpOverlapped=0x0) returned 1 [0036.062] CloseHandle (hObject=0x3c) returned 1 [0036.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0036.062] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\fqbONWw-SVpgdTx7.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\fqbonww-svpgdtx7.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\fqbONWw-SVpgdTx7.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\fqbonww-svpgdtx7.avi.adv")) returned 1 [0036.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0036.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2030 | out: hHeap=0x6d0000) returned 1 [0036.063] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1867fa0, ftCreationTime.dwHighDateTime=0x1d5b931, ftLastAccessTime.dwLowDateTime=0x9c1d8840, ftLastAccessTime.dwHighDateTime=0x1d5b6b3, ftLastWriteTime.dwLowDateTime=0x9c1d8840, ftLastWriteTime.dwHighDateTime=0x1d5b6b3, nFileSizeHigh=0x0, nFileSizeLow=0x5c24, dwReserved0=0x0, dwReserved1=0x0, cFileName="GOL_vh o.avi", cAlternateFileName="GOL_VH~1.AVI")) returned 1 [0036.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fc8 [0036.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2030 [0036.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\GOL_vh o.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\gol_vh o.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.064] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5c24, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x5c24, lpOverlapped=0x0) returned 1 [0036.064] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.064] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5c24, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x5c24, lpOverlapped=0x0) returned 1 [0036.065] CloseHandle (hObject=0x3c) returned 1 [0036.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.065] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\GOL_vh o.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\gol_vh o.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\GOL_vh o.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\gol_vh o.avi.adv")) returned 1 [0036.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2030 | out: hHeap=0x6d0000) returned 1 [0036.066] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d687890, ftCreationTime.dwHighDateTime=0x1d5c354, ftLastAccessTime.dwLowDateTime=0xc6ab1910, ftLastAccessTime.dwHighDateTime=0x1d5b8de, ftLastWriteTime.dwLowDateTime=0xc6ab1910, ftLastWriteTime.dwHighDateTime=0x1d5b8de, nFileSizeHigh=0x0, nFileSizeLow=0x1711c, dwReserved0=0x0, dwReserved1=0x0, cFileName="J9CUWMToNRmnE.mp4", cAlternateFileName="J9CUWM~1.MP4")) returned 1 [0036.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fc8 [0036.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2030 [0036.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\J9CUWMToNRmnE.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\j9cuwmtonrmne.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.066] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1711c, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1711c, lpOverlapped=0x0) returned 1 [0036.067] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.067] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1711c, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1711c, lpOverlapped=0x0) returned 1 [0036.068] CloseHandle (hObject=0x3c) returned 1 [0036.068] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0036.068] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\J9CUWMToNRmnE.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\j9cuwmtonrmne.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\J9CUWMToNRmnE.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\j9cuwmtonrmne.mp4.adv")) returned 1 [0036.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0036.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2030 | out: hHeap=0x6d0000) returned 1 [0036.069] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc23b52f0, ftCreationTime.dwHighDateTime=0x1d5c01d, ftLastAccessTime.dwLowDateTime=0xc7b83300, ftLastAccessTime.dwHighDateTime=0x1d5b880, ftLastWriteTime.dwLowDateTime=0xc7b83300, ftLastWriteTime.dwHighDateTime=0x1d5b880, nFileSizeHigh=0x0, nFileSizeLow=0x11aae, dwReserved0=0x0, dwReserved1=0x0, cFileName="n0RiftFCm7PbhD9 g.avi", cAlternateFileName="N0RIFT~1.AVI")) returned 1 [0036.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fc8 [0036.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2030 [0036.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\n0RiftFCm7PbhD9 g.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\n0riftfcm7pbhd9 g.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.069] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11aae, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x11aae, lpOverlapped=0x0) returned 1 [0036.070] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.070] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11aae, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x11aae, lpOverlapped=0x0) returned 1 [0036.071] CloseHandle (hObject=0x3c) returned 1 [0036.071] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0036.071] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\n0RiftFCm7PbhD9 g.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\n0riftfcm7pbhd9 g.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\n0RiftFCm7PbhD9 g.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\n0riftfcm7pbhd9 g.avi.adv")) returned 1 [0036.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0036.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2030 | out: hHeap=0x6d0000) returned 1 [0036.072] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d4c47c0, ftCreationTime.dwHighDateTime=0x1d5b925, ftLastAccessTime.dwLowDateTime=0x69a6d3a0, ftLastAccessTime.dwHighDateTime=0x1d5c47b, ftLastWriteTime.dwLowDateTime=0x69a6d3a0, ftLastWriteTime.dwHighDateTime=0x1d5c47b, nFileSizeHigh=0x0, nFileSizeLow=0x1771d, dwReserved0=0x0, dwReserved1=0x0, cFileName="oCJYf_.mp4", cAlternateFileName="")) returned 1 [0036.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fc8 [0036.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2030 [0036.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\oCJYf_.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\ocjyf_.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.072] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1771d, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1771d, lpOverlapped=0x0) returned 1 [0036.073] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.073] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1771d, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1771d, lpOverlapped=0x0) returned 1 [0036.073] CloseHandle (hObject=0x3c) returned 1 [0036.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.074] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\oCJYf_.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\ocjyf_.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\oCJYf_.mp4.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\ocjyf_.mp4.adv")) returned 1 [0036.074] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.074] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2030 | out: hHeap=0x6d0000) returned 1 [0036.074] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd549680, ftCreationTime.dwHighDateTime=0x1d5b7a2, ftLastAccessTime.dwLowDateTime=0xf64b8d30, ftLastAccessTime.dwHighDateTime=0x1d5c536, ftLastWriteTime.dwLowDateTime=0xf64b8d30, ftLastWriteTime.dwHighDateTime=0x1d5c536, nFileSizeHigh=0x0, nFileSizeLow=0x71dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="pR5N-.avi", cAlternateFileName="")) returned 1 [0036.074] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fc8 [0036.074] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2030 [0036.074] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\pR5N-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\pr5n-.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.075] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x71dc, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x71dc, lpOverlapped=0x0) returned 1 [0036.076] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.076] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x71dc, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x71dc, lpOverlapped=0x0) returned 1 [0036.076] CloseHandle (hObject=0x3c) returned 1 [0036.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.076] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\pR5N-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\pr5n-.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\pR5N-.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\pr5n-.avi.adv")) returned 1 [0036.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2030 | out: hHeap=0x6d0000) returned 1 [0036.077] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53800ed0, ftCreationTime.dwHighDateTime=0x1d5bdd6, ftLastAccessTime.dwLowDateTime=0x390cf4c0, ftLastAccessTime.dwHighDateTime=0x1d5bbdb, ftLastWriteTime.dwLowDateTime=0x390cf4c0, ftLastWriteTime.dwHighDateTime=0x1d5bbdb, nFileSizeHigh=0x0, nFileSizeLow=0x8e9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="u_J_ZfQ.avi", cAlternateFileName="")) returned 1 [0036.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fc8 [0036.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2030 [0036.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fc8 | out: hHeap=0x6d0000) returned 1 [0036.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\u_J_ZfQ.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\u_j_zfq.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.078] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8e9e, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x8e9e, lpOverlapped=0x0) returned 1 [0036.078] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.078] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8e9e, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x8e9e, lpOverlapped=0x0) returned 1 [0036.079] CloseHandle (hObject=0x3c) returned 1 [0036.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.079] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\u_J_ZfQ.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\u_j_zfq.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\GIIea\\u_J_ZfQ.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\giiea\\u_j_zfq.avi.adv")) returned 1 [0036.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2030 | out: hHeap=0x6d0000) returned 1 [0036.080] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53800ed0, ftCreationTime.dwHighDateTime=0x1d5bdd6, ftLastAccessTime.dwLowDateTime=0x390cf4c0, ftLastAccessTime.dwHighDateTime=0x1d5bbdb, ftLastWriteTime.dwLowDateTime=0x390cf4c0, ftLastWriteTime.dwHighDateTime=0x1d5bbdb, nFileSizeHigh=0x0, nFileSizeLow=0x8e9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="u_J_ZfQ.avi", cAlternateFileName="")) returned 0 [0036.080] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0036.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.080] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafddc5c0, ftCreationTime.dwHighDateTime=0x1d5be47, ftLastAccessTime.dwLowDateTime=0x4fe15360, ftLastAccessTime.dwHighDateTime=0x1d5c1eb, ftLastWriteTime.dwLowDateTime=0x4fe15360, ftLastWriteTime.dwHighDateTime=0x1d5c1eb, nFileSizeHigh=0x0, nFileSizeLow=0x60af, dwReserved0=0x0, dwReserved1=0x0, cFileName="JbGvuHDeX0QOk my9.avi", cAlternateFileName="JBGVUH~1.AVI")) returned 1 [0036.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\JbGvuHDeX0QOk my9.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jbgvuhdex0qok my9.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0036.080] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x60af, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x60af, lpOverlapped=0x0) returned 1 [0036.081] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.081] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x60af, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x60af, lpOverlapped=0x0) returned 1 [0036.081] CloseHandle (hObject=0x38) returned 1 [0036.081] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0036.081] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\JbGvuHDeX0QOk my9.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jbgvuhdex0qok my9.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\JbGvuHDeX0QOk my9.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jbgvuhdex0qok my9.avi.adv")) returned 1 [0036.082] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0036.082] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.082] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85b7c280, ftCreationTime.dwHighDateTime=0x1d5b8bd, ftLastAccessTime.dwLowDateTime=0xcb8dd840, ftLastAccessTime.dwHighDateTime=0x1d5ba92, ftLastWriteTime.dwLowDateTime=0xcb8dd840, ftLastWriteTime.dwHighDateTime=0x1d5ba92, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jVPrYs_W4-lQAk", cAlternateFileName="JVPRYS~1")) returned 1 [0036.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.082] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0036.082] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85b7c280, ftCreationTime.dwHighDateTime=0x1d5b8bd, ftLastAccessTime.dwLowDateTime=0xcb8dd840, ftLastAccessTime.dwHighDateTime=0x1d5ba92, ftLastWriteTime.dwLowDateTime=0xcb8dd840, ftLastWriteTime.dwHighDateTime=0x1d5ba92, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0036.082] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85b7c280, ftCreationTime.dwHighDateTime=0x1d5b8bd, ftLastAccessTime.dwLowDateTime=0xcb8dd840, ftLastAccessTime.dwHighDateTime=0x1d5ba92, ftLastWriteTime.dwLowDateTime=0xcb8dd840, ftLastWriteTime.dwHighDateTime=0x1d5ba92, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName="..", cAlternateFileName="")) returned 1 [0036.082] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c4ff580, ftCreationTime.dwHighDateTime=0x1d5c17f, ftLastAccessTime.dwLowDateTime=0x7bed56c0, ftLastAccessTime.dwHighDateTime=0x1d5b7f5, ftLastWriteTime.dwLowDateTime=0x7bed56c0, ftLastWriteTime.dwHighDateTime=0x1d5b7f5, nFileSizeHigh=0x0, nFileSizeLow=0xf39a, dwReserved0=0x0, dwReserved1=0x29, cFileName="CWqoguhnj.flv", cAlternateFileName="CWQOGU~1.FLV")) returned 1 [0036.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.082] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\CWqoguhnj.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\cwqoguhnj.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.083] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf39a, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xf39a, lpOverlapped=0x0) returned 1 [0036.084] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.084] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf39a, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xf39a, lpOverlapped=0x0) returned 1 [0036.084] CloseHandle (hObject=0x3c) returned 1 [0036.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.084] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\CWqoguhnj.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\cwqoguhnj.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\CWqoguhnj.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\cwqoguhnj.flv.adv")) returned 1 [0036.085] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.085] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.085] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3e94b90, ftCreationTime.dwHighDateTime=0x1d5b5d2, ftLastAccessTime.dwLowDateTime=0x3ad5a480, ftLastAccessTime.dwHighDateTime=0x1d5bae3, ftLastWriteTime.dwLowDateTime=0x3ad5a480, ftLastWriteTime.dwHighDateTime=0x1d5bae3, nFileSizeHigh=0x0, nFileSizeLow=0xf1fd, dwReserved0=0x0, dwReserved1=0x29, cFileName="E52Kki_b.flv", cAlternateFileName="")) returned 1 [0036.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.085] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\E52Kki_b.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\e52kki_b.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.086] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf1fd, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xf1fd, lpOverlapped=0x0) returned 1 [0036.087] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.087] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf1fd, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xf1fd, lpOverlapped=0x0) returned 1 [0036.087] CloseHandle (hObject=0x3c) returned 1 [0036.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.087] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\E52Kki_b.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\e52kki_b.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\E52Kki_b.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\e52kki_b.flv.adv")) returned 1 [0036.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.088] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba3f9620, ftCreationTime.dwHighDateTime=0x1d5bc07, ftLastAccessTime.dwLowDateTime=0xa42a29d0, ftLastAccessTime.dwHighDateTime=0x1d5b8ac, ftLastWriteTime.dwLowDateTime=0xa42a29d0, ftLastWriteTime.dwHighDateTime=0x1d5b8ac, nFileSizeHigh=0x0, nFileSizeLow=0x7cf1, dwReserved0=0x0, dwReserved1=0x29, cFileName="IO A.avi", cAlternateFileName="IOA~1.AVI")) returned 1 [0036.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\IO A.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\io a.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.089] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7cf1, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x7cf1, lpOverlapped=0x0) returned 1 [0036.090] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.090] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7cf1, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x7cf1, lpOverlapped=0x0) returned 1 [0036.090] CloseHandle (hObject=0x3c) returned 1 [0036.090] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.090] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\IO A.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\io a.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\IO A.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\io a.avi.adv")) returned 1 [0036.091] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.091] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.091] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bd215f0, ftCreationTime.dwHighDateTime=0x1d5c09b, ftLastAccessTime.dwLowDateTime=0x8540a120, ftLastAccessTime.dwHighDateTime=0x1d5b7d5, ftLastWriteTime.dwLowDateTime=0x8540a120, ftLastWriteTime.dwHighDateTime=0x1d5b7d5, nFileSizeHigh=0x0, nFileSizeLow=0x104c7, dwReserved0=0x0, dwReserved1=0x29, cFileName="j1cFvaEDY.swf", cAlternateFileName="J1CFVA~1.SWF")) returned 1 [0036.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.091] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\j1cFvaEDY.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\j1cfvaedy.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.091] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104c7, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x104c7, lpOverlapped=0x0) returned 1 [0036.092] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.092] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104c7, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x104c7, lpOverlapped=0x0) returned 1 [0036.092] CloseHandle (hObject=0x3c) returned 1 [0036.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.093] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\j1cFvaEDY.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\j1cfvaedy.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\j1cFvaEDY.swf.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\j1cfvaedy.swf.adv")) returned 1 [0036.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.093] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71776030, ftCreationTime.dwHighDateTime=0x1d5b987, ftLastAccessTime.dwLowDateTime=0x16acf630, ftLastAccessTime.dwHighDateTime=0x1d5b723, ftLastWriteTime.dwLowDateTime=0x16acf630, ftLastWriteTime.dwHighDateTime=0x1d5b723, nFileSizeHigh=0x0, nFileSizeLow=0xb947, dwReserved0=0x0, dwReserved1=0x29, cFileName="KEGThK-3QHqC.flv", cAlternateFileName="KEGTHK~1.FLV")) returned 1 [0036.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\KEGThK-3QHqC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\kegthk-3qhqc.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.094] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb947, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xb947, lpOverlapped=0x0) returned 1 [0036.094] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.094] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb947, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xb947, lpOverlapped=0x0) returned 1 [0036.095] CloseHandle (hObject=0x3c) returned 1 [0036.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0036.095] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\KEGThK-3QHqC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\kegthk-3qhqc.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\KEGThK-3QHqC.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\kegthk-3qhqc.flv.adv")) returned 1 [0036.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.095] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62646e00, ftCreationTime.dwHighDateTime=0x1d5c542, ftLastAccessTime.dwLowDateTime=0x2fef8580, ftLastAccessTime.dwHighDateTime=0x1d5bb4d, ftLastWriteTime.dwLowDateTime=0x2fef8580, ftLastWriteTime.dwHighDateTime=0x1d5bb4d, nFileSizeHigh=0x0, nFileSizeLow=0xb222, dwReserved0=0x0, dwReserved1=0x29, cFileName="QnFWmjJSKF.flv", cAlternateFileName="QNFWMJ~1.FLV")) returned 1 [0036.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\QnFWmjJSKF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\qnfwmjjskf.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.096] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb222, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xb222, lpOverlapped=0x0) returned 1 [0036.097] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.097] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb222, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xb222, lpOverlapped=0x0) returned 1 [0036.097] CloseHandle (hObject=0x3c) returned 1 [0036.097] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.097] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\QnFWmjJSKF.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\qnfwmjjskf.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\QnFWmjJSKF.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\qnfwmjjskf.flv.adv")) returned 1 [0036.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.098] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf443de90, ftCreationTime.dwHighDateTime=0x1d5bcec, ftLastAccessTime.dwLowDateTime=0xb715c0b0, ftLastAccessTime.dwHighDateTime=0x1d5c5bb, ftLastWriteTime.dwLowDateTime=0xb715c0b0, ftLastWriteTime.dwHighDateTime=0x1d5c5bb, nFileSizeHigh=0x0, nFileSizeLow=0x10717, dwReserved0=0x0, dwReserved1=0x29, cFileName="ttu4T-r.mkv", cAlternateFileName="")) returned 1 [0036.098] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.098] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.098] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\ttu4T-r.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\ttu4t-r.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.098] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10717, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x10717, lpOverlapped=0x0) returned 1 [0036.099] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.099] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10717, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x10717, lpOverlapped=0x0) returned 1 [0036.099] CloseHandle (hObject=0x3c) returned 1 [0036.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.099] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\ttu4T-r.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\ttu4t-r.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\ttu4T-r.mkv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\ttu4t-r.mkv.adv")) returned 1 [0036.100] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.100] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.100] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbf4870, ftCreationTime.dwHighDateTime=0x1d5c17b, ftLastAccessTime.dwLowDateTime=0x85ed0a60, ftLastAccessTime.dwHighDateTime=0x1d5c3e1, ftLastWriteTime.dwLowDateTime=0x85ed0a60, ftLastWriteTime.dwHighDateTime=0x1d5c3e1, nFileSizeHigh=0x0, nFileSizeLow=0x12663, dwReserved0=0x0, dwReserved1=0x29, cFileName="wz9ic4p1pG4Cug q.flv", cAlternateFileName="WZ9IC4~1.FLV")) returned 1 [0036.100] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.100] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.100] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\wz9ic4p1pG4Cug q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\wz9ic4p1pg4cug q.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.101] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12663, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x12663, lpOverlapped=0x0) returned 1 [0036.102] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.102] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12663, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x12663, lpOverlapped=0x0) returned 1 [0036.102] CloseHandle (hObject=0x3c) returned 1 [0036.102] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2010 [0036.102] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\wz9ic4p1pG4Cug q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\wz9ic4p1pg4cug q.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\wz9ic4p1pG4Cug q.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\wz9ic4p1pg4cug q.flv.adv")) returned 1 [0036.103] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.103] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.103] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8787b60, ftCreationTime.dwHighDateTime=0x1d5b620, ftLastAccessTime.dwLowDateTime=0x8c8a0880, ftLastAccessTime.dwHighDateTime=0x1d5c27b, ftLastWriteTime.dwLowDateTime=0x8c8a0880, ftLastWriteTime.dwHighDateTime=0x1d5c27b, nFileSizeHigh=0x0, nFileSizeLow=0xb510, dwReserved0=0x0, dwReserved1=0x29, cFileName="XIKZ.avi", cAlternateFileName="")) returned 1 [0036.103] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.103] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.103] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\XIKZ.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\xikz.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.103] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb510, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xb510, lpOverlapped=0x0) returned 1 [0036.104] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.104] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb510, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xb510, lpOverlapped=0x0) returned 1 [0036.104] CloseHandle (hObject=0x3c) returned 1 [0036.104] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.104] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\XIKZ.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\xikz.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\XIKZ.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\xikz.avi.adv")) returned 1 [0036.105] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.105] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.105] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b353c0, ftCreationTime.dwHighDateTime=0x1d5c37e, ftLastAccessTime.dwLowDateTime=0x2be75c00, ftLastAccessTime.dwHighDateTime=0x1d5b8e2, ftLastWriteTime.dwLowDateTime=0x2be75c00, ftLastWriteTime.dwHighDateTime=0x1d5b8e2, nFileSizeHigh=0x0, nFileSizeLow=0x7d5a, dwReserved0=0x0, dwReserved1=0x29, cFileName="Y56150Q.avi", cAlternateFileName="")) returned 1 [0036.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0036.105] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1f60 [0036.105] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0036.105] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\Y56150Q.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\y56150q.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0036.105] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7d5a, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x7d5a, lpOverlapped=0x0) returned 1 [0036.106] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.106] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7d5a, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x7d5a, lpOverlapped=0x0) returned 1 [0036.106] CloseHandle (hObject=0x3c) returned 1 [0036.106] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0036.106] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\Y56150Q.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\y56150q.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jVPrYs_W4-lQAk\\Y56150Q.avi.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jvprys_w4-lqak\\y56150q.avi.adv")) returned 1 [0036.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0036.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.107] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b353c0, ftCreationTime.dwHighDateTime=0x1d5c37e, ftLastAccessTime.dwLowDateTime=0x2be75c00, ftLastAccessTime.dwHighDateTime=0x1d5b8e2, ftLastWriteTime.dwLowDateTime=0x2be75c00, ftLastWriteTime.dwHighDateTime=0x1d5b8e2, nFileSizeHigh=0x0, nFileSizeLow=0x7d5a, dwReserved0=0x0, dwReserved1=0x29, cFileName="Y56150Q.avi", cAlternateFileName="")) returned 0 [0036.107] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0036.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0036.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.107] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47254490, ftCreationTime.dwHighDateTime=0x1d5ba37, ftLastAccessTime.dwLowDateTime=0xbc08b1b0, ftLastAccessTime.dwHighDateTime=0x1d5bd99, ftLastWriteTime.dwLowDateTime=0xbc08b1b0, ftLastWriteTime.dwHighDateTime=0x1d5bd99, nFileSizeHigh=0x0, nFileSizeLow=0x12451, dwReserved0=0x0, dwReserved1=0x0, cFileName="lpjQv9AHl.flv", cAlternateFileName="LPJQV9~1.FLV")) returned 1 [0036.107] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.107] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.107] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\lpjQv9AHl.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lpjqv9ahl.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0036.107] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x12451, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x12451, lpOverlapped=0x0) returned 1 [0036.109] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.109] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x12451, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x12451, lpOverlapped=0x0) returned 1 [0036.109] CloseHandle (hObject=0x38) returned 1 [0036.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0036.109] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\lpjQv9AHl.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lpjqv9ahl.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\lpjQv9AHl.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lpjqv9ahl.flv.adv")) returned 1 [0036.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0036.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.110] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498100d0, ftCreationTime.dwHighDateTime=0x1d5bb95, ftLastAccessTime.dwLowDateTime=0x708b8770, ftLastAccessTime.dwHighDateTime=0x1d5c1c8, ftLastWriteTime.dwLowDateTime=0x708b8770, ftLastWriteTime.dwHighDateTime=0x1d5c1c8, nFileSizeHigh=0x0, nFileSizeLow=0x81f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="n1MYONA8tgP.flv", cAlternateFileName="N1MYON~1.FLV")) returned 1 [0036.110] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f60 [0036.110] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f60 | out: hHeap=0x6d0000) returned 1 [0036.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\n1MYONA8tgP.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\n1myona8tgp.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0036.110] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x81f3, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x81f3, lpOverlapped=0x0) returned 1 [0036.111] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.111] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x81f3, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x81f3, lpOverlapped=0x0) returned 1 [0036.111] CloseHandle (hObject=0x38) returned 1 [0036.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.111] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\n1MYONA8tgP.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\n1myona8tgp.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\n1MYONA8tgP.flv.adv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\n1myona8tgp.flv.adv")) returned 1 [0036.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.112] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498100d0, ftCreationTime.dwHighDateTime=0x1d5bb95, ftLastAccessTime.dwLowDateTime=0x708b8770, ftLastAccessTime.dwHighDateTime=0x1d5c1c8, ftLastWriteTime.dwLowDateTime=0x708b8770, ftLastWriteTime.dwHighDateTime=0x1d5c1c8, nFileSizeHigh=0x0, nFileSizeLow=0x81f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="n1MYONA8tgP.flv", cAlternateFileName="N1MYON~1.FLV")) returned 0 [0036.112] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0036.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0036.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0036.112] FindNextFileW (in: hFindFile=0x6e1f20, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x9ff2e530, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9ff2e530, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Videos", cAlternateFileName="")) returned 0 [0036.112] FindClose (in: hFindFile=0x6e1f20 | out: hFindFile=0x6e1f20) returned 1 [0036.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0036.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0036.112] FindNextFileW (in: hFindFile=0x6e1e50, lpFindFileData=0x31f5a4 | out: lpFindFileData=0x31f5a4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x1, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0036.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0450 [0036.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e6780 [0036.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0450 | out: hHeap=0x6d0000) returned 1 [0036.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e67b8 [0036.112] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*", lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0036.113] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="..", cAlternateFileName="")) returned 1 [0036.113] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0036.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0036.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0036.113] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0036.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0036.113] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0036.113] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 1 [0036.113] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0036.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0036.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0036.113] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0036.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0036.113] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0036.113] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="..", cAlternateFileName="")) returned 1 [0036.113] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="10.0", cAlternateFileName="")) returned 1 [0036.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0036.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0036.113] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0036.114] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName="..", cAlternateFileName="")) returned 1 [0036.114] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0036.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2090 [0036.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0036.114] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0036.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2090 [0036.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0036.114] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0036.114] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0036.115] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName="..", cAlternateFileName="")) returned 1 [0036.115] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName="Security", cAlternateFileName="")) returned 1 [0036.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2090 [0036.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0948 [0036.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0036.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0036.115] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0036.115] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName="..", cAlternateFileName="")) returned 1 [0036.115] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 1 [0036.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0036.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09e0 [0036.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0036.115] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0036.116] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1df, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1df, lpOverlapped=0x0) returned 1 [0036.117] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.117] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1df, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1df, lpOverlapped=0x0) returned 1 [0036.117] CloseHandle (hObject=0x48) returned 1 [0036.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e2090 [0036.117] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), lpNewFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.adv" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata.adv")) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0036.118] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 0 [0036.118] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0036.118] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName="Security", cAlternateFileName="")) returned 0 [0036.118] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0036.118] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0x8000ce40, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0036.118] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0036.118] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="10.0", cAlternateFileName="")) returned 0 [0036.118] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0036.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0036.118] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="ARM", cAlternateFileName="")) returned 1 [0036.118] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0036.118] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0036.118] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0036.118] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="..", cAlternateFileName="")) returned 1 [0036.118] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0036.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f68 [0036.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fb0 [0036.119] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f68 | out: hHeap=0x6d0000) returned 1 [0036.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2018 [0036.119] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0036.120] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="..", cAlternateFileName="")) returned 1 [0036.120] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x7e186d00, ftLastWriteTime.dwHighDateTime=0x1cfb543, nFileSizeHigh=0x0, nFileSizeLow=0x3d800, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="AdbeRdrSecUpd10111.msp", cAlternateFileName="ADBERD~2.MSP")) returned 1 [0036.120] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2080 [0036.120] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0036.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2080 | out: hHeap=0x6d0000) returned 1 [0036.120] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0036.120] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d800, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x3d800, lpOverlapped=0x0) returned 1 [0036.124] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.124] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d800, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x3d800, lpOverlapped=0x0) returned 1 [0036.125] CloseHandle (hObject=0x40) returned 1 [0036.125] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2080 [0036.125] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), lpNewFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.adv" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp.adv")) returned 1 [0036.125] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2080 | out: hHeap=0x6d0000) returned 1 [0036.125] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0036.126] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0036.126] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2080 [0036.126] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0036.126] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2080 | out: hHeap=0x6d0000) returned 1 [0036.126] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0036.126] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10e3000, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x10e3000, lpOverlapped=0x0) returned 1 [0036.677] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0036.677] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10e3000, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x10e3000, lpOverlapped=0x0) returned 1 [0037.352] CloseHandle (hObject=0x40) returned 1 [0037.352] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2080 [0037.352] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), lpNewFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.adv" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp.adv")) returned 1 [0037.354] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2080 | out: hHeap=0x6d0000) returned 1 [0037.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0037.355] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 1 [0037.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2080 [0037.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0037.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2080 | out: hHeap=0x6d0000) returned 1 [0037.355] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0037.355] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x109d000, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x109d000, lpOverlapped=0x0) returned 1 [0037.671] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.671] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x109d000, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x109d000, lpOverlapped=0x0) returned 1 [0037.885] CloseHandle (hObject=0x40) returned 1 [0037.885] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2080 [0037.885] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), lpNewFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp.adv" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp.adv")) returned 1 [0037.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2080 | out: hHeap=0x6d0000) returned 1 [0037.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0037.887] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 0 [0037.887] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2018 | out: hHeap=0x6d0000) returned 1 [0037.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fb0 | out: hHeap=0x6d0000) returned 1 [0037.887] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda0, dwReserved1=0xe4efbbe0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 0 [0037.887] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.887] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="ARM", cAlternateFileName="")) returned 0 [0037.887] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0037.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0037.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0037.887] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0037.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0037.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed830 [0037.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0037.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0037.887] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="ARM", cAlternateFileName="")) returned 0xffffffff [0037.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0037.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0037.888] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0037.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0037.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0037.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0037.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0037.888] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Desktop\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="ARM", cAlternateFileName="")) returned 0xffffffff [0037.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0037.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0037.888] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0037.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0037.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0037.888] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0037.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0037.888] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="ARM", cAlternateFileName="")) returned 0xffffffff [0037.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0037.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0037.889] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0037.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0037.889] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Favorites\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="ARM", cAlternateFileName="")) returned 0xffffffff [0037.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0037.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0037.889] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0037.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0037.889] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0037.889] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 1 [0037.889] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Assistance", cAlternateFileName="ASSIST~1")) returned 1 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0037.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0037.889] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0037.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.889] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.890] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.890] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Client", cAlternateFileName="")) returned 1 [0037.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0037.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0037.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0037.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1ff0 [0037.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.890] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0x3fc949a4, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0037.890] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0x3fc949a4, cFileName="..", cAlternateFileName="")) returned 1 [0037.890] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0x3fc949a4, cFileName="1.0", cAlternateFileName="")) returned 1 [0037.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0037.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2088 [0037.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0037.890] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0x3fc949a4, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0037.891] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0x3fc949a4, cFileName="..", cAlternateFileName="")) returned 1 [0037.891] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0x3fc949a4, cFileName="en-US", cAlternateFileName="")) returned 1 [0037.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0037.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0037.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0037.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0037.891] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0037.893] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName="..", cAlternateFileName="")) returned 1 [0037.893] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2436abaa, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xabde2c6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa65a8bbf, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x2f22, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName="Help_CValidator.H1D", cAlternateFileName="HELP_C~1.H1D")) returned 1 [0037.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0037.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0037.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0037.893] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0037.894] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2f22, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2f22, lpOverlapped=0x0) returned 1 [0037.898] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.898] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2f22, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2f22, lpOverlapped=0x0) returned 1 [0037.898] CloseHandle (hObject=0x48) returned 1 [0037.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0037.898] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.adv" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d.adv")) returned 1 [0037.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0037.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0037.899] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae2660aa, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae2660aa, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x365fc, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName="Help_MKWD_AssetId.H1W", cAlternateFileName="HELP_M~1.H1W")) returned 1 [0037.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0037.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0037.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0037.899] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0037.900] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x365fc, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x365fc, lpOverlapped=0x0) returned 1 [0037.903] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.903] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x365fc, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x365fc, lpOverlapped=0x0) returned 1 [0037.904] CloseHandle (hObject=0x48) returned 1 [0037.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0037.904] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.adv" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w.adv")) returned 1 [0037.904] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0037.904] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0037.904] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae409b6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae409b6f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x325ec, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName="Help_MKWD_BestBet.H1W", cAlternateFileName="HELP_M~2.H1W")) returned 1 [0037.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0037.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0037.904] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0037.904] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0037.905] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x325ec, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x325ec, lpOverlapped=0x0) returned 1 [0037.909] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.909] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x325ec, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x325ec, lpOverlapped=0x0) returned 1 [0037.910] CloseHandle (hObject=0x48) returned 1 [0037.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0037.910] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.adv" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w.adv")) returned 1 [0037.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0037.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0037.911] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x79f1a, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName="Help_MTOC_help.H1H", cAlternateFileName="HELP_M~1.H1H")) returned 1 [0037.911] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0037.911] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0037.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0037.911] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0037.911] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x79f1a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x79f1a, lpOverlapped=0x0) returned 1 [0037.920] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.920] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x79f1a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x79f1a, lpOverlapped=0x0) returned 1 [0037.921] CloseHandle (hObject=0x48) returned 1 [0037.921] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0037.921] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.adv" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h.adv")) returned 1 [0037.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0037.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0037.922] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x26353250, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x3944, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName="Help_MValidator.H1D", cAlternateFileName="HELP_M~1.H1D")) returned 1 [0037.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0037.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0037.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0037.922] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0037.922] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3944, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3944, lpOverlapped=0x0) returned 1 [0037.924] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.924] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3944, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3944, lpOverlapped=0x0) returned 1 [0037.924] CloseHandle (hObject=0x48) returned 1 [0037.924] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0037.924] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.adv" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d.adv")) returned 1 [0037.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0037.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0037.925] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName="Help_MValidator.Lck", cAlternateFileName="HELP_M~1.LCK")) returned 1 [0037.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0037.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0037.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0037.925] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0037.925] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4, lpOverlapped=0x0) returned 1 [0037.926] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.926] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4, lpOverlapped=0x0) returned 1 [0037.927] CloseHandle (hObject=0x48) returned 1 [0037.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0037.927] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.adv" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck.adv")) returned 1 [0037.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0037.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0037.927] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 1 [0037.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0037.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0960 [0037.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0037.927] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0037.928] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd5310, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xd5310, lpOverlapped=0x0) returned 1 [0037.937] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.937] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd5310, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xd5310, lpOverlapped=0x0) returned 1 [0037.939] CloseHandle (hObject=0x48) returned 1 [0037.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0a38 [0037.940] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.adv" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q.adv")) returned 1 [0037.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a38 | out: hHeap=0x6d0000) returned 1 [0037.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0037.940] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x1ca0445, dwReserved1=0xa8f17049, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 0 [0037.940] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0037.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0037.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0037.940] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0x3fc949a4, cFileName="en-US", cAlternateFileName="")) returned 0 [0037.940] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0037.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0037.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2088 | out: hHeap=0x6d0000) returned 1 [0037.940] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0445, dwReserved1=0x3fc949a4, cFileName="1.0", cAlternateFileName="")) returned 0 [0037.941] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0037.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0037.941] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Client", cAlternateFileName="")) returned 0 [0037.941] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0037.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.941] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0037.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0037.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0037.941] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.941] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.941] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="DSS", cAlternateFileName="")) returned 1 [0037.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0037.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0037.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0037.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.941] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0037.942] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="..", cAlternateFileName="")) returned 1 [0037.942] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0037.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0037.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0037.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0037.942] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd943744, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0037.942] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd943744, cFileName="..", cAlternateFileName="")) returned 1 [0037.942] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd943744, cFileName="..", cAlternateFileName="")) returned 0 [0037.942] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0037.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0037.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0037.942] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 0 [0037.942] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0037.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0037.942] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Keys", cAlternateFileName="")) returned 1 [0037.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0037.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0037.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0037.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0037.943] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0037.943] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="..", cAlternateFileName="")) returned 1 [0037.943] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="..", cAlternateFileName="")) returned 0 [0037.944] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0037.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0037.944] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="RSA", cAlternateFileName="")) returned 1 [0037.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0037.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0037.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0037.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.944] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0037.944] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="..", cAlternateFileName="")) returned 1 [0037.944] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0037.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0037.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0037.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0037.944] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfc65d150, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0037.944] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfc65d150, cFileName="..", cAlternateFileName="")) returned 1 [0037.944] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfc65d150, cFileName="..", cAlternateFileName="")) returned 0 [0037.944] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0037.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0037.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0037.944] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0037.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0037.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0037.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0037.945] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfc65d150, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0037.945] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfc65d150, cFileName="..", cAlternateFileName="")) returned 1 [0037.945] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xfc767af0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xfc767af0, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc767af0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x2f, dwReserved0=0x1ca0431, dwReserved1=0xfc65d150, cFileName="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="6D14E4~1")) returned 1 [0037.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0037.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2038 [0037.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0037.946] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0037.946] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2f, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2f, lpOverlapped=0x0) returned 1 [0037.947] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.947] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2f, lpOverlapped=0x0) returned 1 [0037.947] CloseHandle (hObject=0x44) returned 1 [0037.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f08b0 [0037.947] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv")) returned 1 [0037.948] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0037.948] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.948] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe5bc2f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x41d, dwReserved0=0x1ca0431, dwReserved1=0xfc65d150, cFileName="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="D42CC0~1")) returned 1 [0037.948] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0037.948] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2038 [0037.948] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0037.948] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0037.948] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x41d, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x41d, lpOverlapped=0x0) returned 1 [0037.950] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.950] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x41d, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x41d, lpOverlapped=0x0) returned 1 [0037.950] CloseHandle (hObject=0x44) returned 1 [0037.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f08b0 [0037.950] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.adv")) returned 1 [0037.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0037.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.954] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe5bc2f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x41d, dwReserved0=0x1ca0431, dwReserved1=0xfc65d150, cFileName="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="D42CC0~1")) returned 0 [0037.954] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0037.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0037.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0037.954] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="S-1-5-18", cAlternateFileName="")) returned 0 [0037.954] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0037.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0037.954] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="RSA", cAlternateFileName="")) returned 0 [0037.955] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.955] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0037.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0037.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0037.955] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.955] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.955] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Device", cAlternateFileName="")) returned 1 [0037.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0037.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0037.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0037.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0037.955] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0037.956] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="..", cAlternateFileName="")) returned 1 [0037.956] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="{113527a4-45d4-4b6f-b567-97838f1b04b0}", cAlternateFileName="{11352~1")) returned 1 [0037.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0037.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0037.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0037.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0a20 [0037.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.956] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0037.958] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="..", cAlternateFileName="")) returned 1 [0037.958] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="background.png", cAlternateFileName="")) returned 1 [0037.958] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.958] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3778 [0037.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.958] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.958] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7c5b0d9, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xc7c5b0d9, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xc7c5b0d9, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xb61, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0037.958] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.958] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3778 [0037.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.959] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.959] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xadc8, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="device.png", cAlternateFileName="")) returned 1 [0037.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3778 [0037.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.959] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.960] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0a07cc, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0a07cc, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="overlay.png", cAlternateFileName="")) returned 1 [0037.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3778 [0037.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.960] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.960] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="superbar.png", cAlternateFileName="")) returned 1 [0037.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3778 [0037.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.960] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.961] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.961] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="superbar.png", cAlternateFileName="")) returned 0 [0037.961] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0037.961] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0037.961] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0037.961] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 1 [0037.961] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0037.961] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0037.961] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0037.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0a20 [0037.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.962] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0037.962] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="..", cAlternateFileName="")) returned 1 [0037.962] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0af2f7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x9c0af2f7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x9c0af2f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="background.png", cAlternateFileName="")) returned 1 [0037.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3778 [0037.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.962] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.962] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2feb941, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2feb941, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0037.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3778 [0037.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.962] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.962] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="watermark.png", cAlternateFileName="")) returned 1 [0037.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0968 [0037.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3778 [0037.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0037.962] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.963] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="watermark.png", cAlternateFileName="")) returned 0 [0037.963] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0037.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0037.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0037.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 0 [0037.963] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0037.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.963] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Task", cAlternateFileName="")) returned 1 [0037.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0037.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2058 [0037.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0037.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.963] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0037.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="..", cAlternateFileName="")) returned 1 [0037.963] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", cAlternateFileName="{07DEB~1")) returned 1 [0037.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2058 [0037.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0948 [0037.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e2058 [0037.963] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0037.965] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="..", cAlternateFileName="")) returned 1 [0037.965] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="en-US", cAlternateFileName="")) returned 1 [0037.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0037.966] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0037.966] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0037.966] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x1ca0431, dwReserved1=0x1d91b669, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0037.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3840 [0037.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3908 [0037.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0037.966] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3908 | out: hHeap=0x6d0000) returned 1 [0037.967] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x1ca0431, dwReserved1=0x1d91b669, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0037.967] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0037.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.967] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c7f9e6, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c7f9e6, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0037.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.967] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.967] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x72ee, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="netfol.ico", cAlternateFileName="")) returned 1 [0037.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.967] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.968] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2ca5b43, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2ca5b43, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c10f535, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x14668, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="pictures.ico", cAlternateFileName="")) returned 1 [0037.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.968] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.968] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c59889, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c59889, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1cdc0b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0037.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.968] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.969] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2cf1dfd, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2cf1dfd, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="ringtones.ico", cAlternateFileName="")) returned 1 [0037.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.969] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.969] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d17f5a, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d17f5a, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10850, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="settings.ico", cAlternateFileName="")) returned 1 [0037.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.969] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.969] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d3e0b7, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d3e0b7, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="sync.ico", cAlternateFileName="")) returned 1 [0037.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.969] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.969] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c219ec7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x7c219ec7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x3473, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0037.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.969] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.970] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="wmp.ico", cAlternateFileName="")) returned 1 [0037.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.971] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.971] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.971] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.971] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="wmp.ico", cAlternateFileName="")) returned 0 [0037.971] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0037.971] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.971] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0037.971] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 1 [0037.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2058 [0037.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0948 [0037.971] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e2058 [0037.971] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0037.972] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="..", cAlternateFileName="")) returned 1 [0037.972] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="en-US", cAlternateFileName="")) returned 1 [0037.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0037.973] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0037.973] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0037.973] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x1ca0431, dwReserved1=0x1d91b669, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0037.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3840 [0037.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3908 [0037.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0037.973] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3908 | out: hHeap=0x6d0000) returned 1 [0037.974] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x1ca0431, dwReserved1=0x1d91b669, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0037.974] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0037.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0037.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.974] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78a2eab, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0037.974] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.974] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.974] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.974] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="print_pref.ico", cAlternateFileName="")) returned 1 [0037.974] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.974] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.974] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.975] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.975] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xebb8, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="print_property.ico", cAlternateFileName="")) returned 1 [0037.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.975] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.975] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.975] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.975] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f112be3, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f112be3, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7be8cbf, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xdff5, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="print_queue.ico", cAlternateFileName="")) returned 1 [0037.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.975] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.975] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.976] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xec75, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="scan_.ico", cAlternateFileName="")) returned 1 [0037.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.976] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.976] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10654, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="scan_property.ico", cAlternateFileName="")) returned 1 [0037.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.976] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.976] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="scan_settings.ico", cAlternateFileName="")) returned 1 [0037.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.976] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.976] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0037.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0037.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0ab8 [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0037.977] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0037.977] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="tasks.xml", cAlternateFileName="")) returned 0 [0037.977] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0037.977] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd96989e, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 0 [0037.977] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0037.977] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Task", cAlternateFileName="")) returned 0 [0037.977] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.977] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0037.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0037.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0037.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.977] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DeviceSync\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.978] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.978] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 0 [0037.978] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0037.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.978] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="DRM", cAlternateFileName="")) returned 1 [0037.978] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.978] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0037.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.978] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0037.978] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DRM\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.979] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.979] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Server", cAlternateFileName="")) returned 1 [0037.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0037.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0037.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0037.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.979] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0037.979] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="..", cAlternateFileName="")) returned 1 [0037.979] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd98f9f8, cFileName="..", cAlternateFileName="")) returned 0 [0037.979] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0037.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0037.979] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Server", cAlternateFileName="")) returned 0 [0037.979] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.980] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="eHome", cAlternateFileName="")) returned 1 [0037.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0037.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0037.980] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\eHome\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.980] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.980] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="logs", cAlternateFileName="")) returned 1 [0037.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0037.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0037.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0037.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.980] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cbf8eb, dwReserved1=0xaa597fc2, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0037.980] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cbf8eb, dwReserved1=0xaa597fc2, cFileName="..", cAlternateFileName="")) returned 1 [0037.980] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cbf8eb, dwReserved1=0xaa597fc2, cFileName="..", cAlternateFileName="")) returned 0 [0037.980] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0037.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0037.981] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="logs", cAlternateFileName="")) returned 0 [0037.981] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.981] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0037.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0037.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0037.981] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.981] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.981] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Views", cAlternateFileName="")) returned 1 [0037.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0037.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2058 [0037.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0037.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.981] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fa9b, dwReserved1=0x3a6c7630, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0037.981] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fa9b, dwReserved1=0x3a6c7630, cFileName="..", cAlternateFileName="")) returned 1 [0037.982] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fa9b, dwReserved1=0x3a6c7630, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 1 [0037.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2058 [0037.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0948 [0037.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd4) returned 0x6e2058 [0037.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0037.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0948 [0037.982] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fa9b, dwReserved1=0x3235c810, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0037.982] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fa9b, dwReserved1=0x3235c810, cFileName="..", cAlternateFileName="")) returned 1 [0037.982] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fa9b, dwReserved1=0x3235c810, cFileName="..", cAlternateFileName="")) returned 0 [0037.982] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0037.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0037.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.982] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fa9b, dwReserved1=0x3a6c7630, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 0 [0037.982] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0037.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0037.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0037.983] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Views", cAlternateFileName="")) returned 0 [0037.983] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.983] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0037.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0037.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0037.983] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.984] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.984] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac29de1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3d00, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="ppcrlconfig.dll", cAlternateFileName="PPCRLC~1.DLL")) returned 1 [0037.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0037.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0037.984] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0037.984] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlconfig.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0037.984] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d00, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x3d00, lpOverlapped=0x0) returned 1 [0037.986] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.986] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d00, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x3d00, lpOverlapped=0x0) returned 1 [0037.986] CloseHandle (hObject=0x3c) returned 1 [0037.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0037.986] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlconfig.dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.adv" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlconfig.dll.adv")) returned 1 [0037.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0037.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.987] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 1 [0037.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0037.987] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0037.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0037.987] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0037.988] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3e108, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x3e108, lpOverlapped=0x0) returned 1 [0037.992] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.992] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3e108, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x3e108, lpOverlapped=0x0) returned 1 [0037.993] CloseHandle (hObject=0x3c) returned 1 [0037.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0037.993] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlui.dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlui.dll.adv" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\ppcrlui.dll.adv")) returned 1 [0037.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0037.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0037.993] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 0 [0037.993] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.993] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0037.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0037.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0037.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0037.993] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Media Player\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.994] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.994] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 0 [0037.994] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0037.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0037.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.994] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MF", cAlternateFileName="")) returned 1 [0037.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0037.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0037.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f68 [0037.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.994] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0037.994] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0037.994] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Active.GRL", cAlternateFileName="")) returned 1 [0037.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0037.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1fd0 [0037.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.994] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\users\\all users\\microsoft\\mf\\active.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0037.995] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3a7c, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x3a7c, lpOverlapped=0x0) returned 1 [0037.996] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.996] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3a7c, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x3a7c, lpOverlapped=0x0) returned 1 [0037.997] CloseHandle (hObject=0x3c) returned 1 [0037.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2038 [0037.997] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\users\\all users\\microsoft\\mf\\active.grl"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL.adv" (normalized: "c:\\users\\all users\\microsoft\\mf\\active.grl.adv")) returned 1 [0037.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0037.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd0 | out: hHeap=0x6d0000) returned 1 [0037.997] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Pending.GRL", cAlternateFileName="")) returned 1 [0037.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0037.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1fd0 [0037.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0037.997] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\users\\all users\\microsoft\\mf\\pending.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0037.998] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3a7c, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x3a7c, lpOverlapped=0x0) returned 1 [0037.999] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0037.999] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3a7c, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x3a7c, lpOverlapped=0x0) returned 1 [0038.000] CloseHandle (hObject=0x3c) returned 1 [0038.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2038 [0038.000] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\users\\all users\\microsoft\\mf\\pending.grl"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\MF\\Pending.GRL.adv" (normalized: "c:\\users\\all users\\microsoft\\mf\\pending.grl.adv")) returned 1 [0038.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0038.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd0 | out: hHeap=0x6d0000) returned 1 [0038.000] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Pending.GRL", cAlternateFileName="")) returned 0 [0038.000] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0038.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f68 | out: hHeap=0x6d0000) returned 1 [0038.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0038.000] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MSDN", cAlternateFileName="")) returned 1 [0038.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0038.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0038.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0038.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0038.000] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\MSDN\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0038.001] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0038.001] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="8.0", cAlternateFileName="")) returned 1 [0038.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0038.001] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d301bf, dwReserved1=0x50ea0e30, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0038.001] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d301bf, dwReserved1=0x50ea0e30, cFileName="..", cAlternateFileName="")) returned 1 [0038.001] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d301bf, dwReserved1=0x50ea0e30, cFileName="..", cAlternateFileName="")) returned 0 [0038.001] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0038.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0038.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.001] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="8.0", cAlternateFileName="")) returned 0 [0038.001] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0038.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0038.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0038.001] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0038.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0038.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0038.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0038.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0038.001] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\NetFramework\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0038.002] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0038.002] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 1 [0038.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0038.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0038.002] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0038.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0038.003] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e676, dwReserved1=0x56ac2f60, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0038.003] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e676, dwReserved1=0x56ac2f60, cFileName="..", cAlternateFileName="")) returned 1 [0038.003] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e676, dwReserved1=0x56ac2f60, cFileName="..", cAlternateFileName="")) returned 0 [0038.003] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0038.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0038.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0038.003] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 0 [0038.003] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0038.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0038.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0038.003] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Network", cAlternateFileName="")) returned 1 [0038.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0038.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0038.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0038.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0038.003] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0038.004] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0038.004] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0038.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0038.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0038.004] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0038.004] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="..", cAlternateFileName="")) returned 1 [0038.004] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="..", cAlternateFileName="")) returned 0 [0038.004] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0038.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0038.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0038.004] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 1 [0038.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0038.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0038.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2048 [0038.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.004] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0038.005] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="..", cAlternateFileName="")) returned 1 [0038.005] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xe0118910, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="qmgr0.dat", cAlternateFileName="")) returned 1 [0038.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0038.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0038.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.005] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr0.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0038.005] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x400000, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x400000, lpOverlapped=0x0) returned 1 [0038.069] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.069] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x400000, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x400000, lpOverlapped=0x0) returned 1 [0038.109] CloseHandle (hObject=0x40) returned 1 [0038.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0038.109] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr0.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat.adv" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr0.dat.adv")) returned 1 [0038.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0038.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0038.110] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="qmgr1.dat", cAlternateFileName="")) returned 1 [0038.110] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0038.110] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0038.110] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.110] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr1.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0038.110] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x400000, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x400000, lpOverlapped=0x0) returned 1 [0038.175] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.175] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x400000, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x400000, lpOverlapped=0x0) returned 1 [0038.262] CloseHandle (hObject=0x40) returned 1 [0038.262] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0038.262] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr1.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat.adv" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr1.dat.adv")) returned 1 [0038.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0038.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0038.263] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="qmgr1.dat", cAlternateFileName="")) returned 0 [0038.263] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0038.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0038.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0038.263] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 0 [0038.263] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0038.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0038.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0038.263] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0038.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0038.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0038.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0038.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0038.263] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0038.426] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0038.426] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="AssetLibrary.ico", cAlternateFileName="ASSETL~1.ICO")) returned 1 [0038.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0038.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.426] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\assetlibrary.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0038.484] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1536, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1536, lpOverlapped=0x0) returned 1 [0038.486] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.486] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1536, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1536, lpOverlapped=0x0) returned 1 [0038.486] CloseHandle (hObject=0x3c) returned 1 [0038.486] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0038.486] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\assetlibrary.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\assetlibrary.ico.adv")) returned 1 [0038.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0038.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0038.487] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="DocumentRepository.ico", cAlternateFileName="DOCUME~1.ICO")) returned 1 [0038.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0038.487] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.487] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\documentrepository.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0038.489] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x627e, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x627e, lpOverlapped=0x0) returned 1 [0038.490] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.490] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x627e, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x627e, lpOverlapped=0x0) returned 1 [0038.490] CloseHandle (hObject=0x3c) returned 1 [0038.491] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0038.491] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\documentrepository.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\documentrepository.ico.adv")) returned 1 [0038.491] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0038.491] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0038.491] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="MySharePoints.ico", cAlternateFileName="MYSHAR~1.ICO")) returned 1 [0038.491] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.491] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0038.491] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.491] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysharepoints.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0038.492] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5532e, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x5532e, lpOverlapped=0x0) returned 1 [0038.497] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.497] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5532e, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x5532e, lpOverlapped=0x0) returned 1 [0038.498] CloseHandle (hObject=0x3c) returned 1 [0038.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0038.498] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysharepoints.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\mysharepoints.ico.adv")) returned 1 [0038.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0038.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0038.498] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="MySite.ico", cAlternateFileName="")) returned 1 [0038.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.498] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0038.498] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.498] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0038.502] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x627e, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x627e, lpOverlapped=0x0) returned 1 [0038.504] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.504] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x627e, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x627e, lpOverlapped=0x0) returned 1 [0038.504] CloseHandle (hObject=0x3c) returned 1 [0038.504] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0038.504] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysite.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\mysite.ico.adv")) returned 1 [0038.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0038.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0038.505] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="SharePointPortalSite.ico", cAlternateFileName="SHAREP~1.ICO")) returned 1 [0038.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.505] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0038.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.505] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointportalsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0038.506] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x627e, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x627e, lpOverlapped=0x0) returned 1 [0038.508] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.508] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x627e, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x627e, lpOverlapped=0x0) returned 1 [0038.508] CloseHandle (hObject=0x3c) returned 1 [0038.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fe0 [0038.508] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointportalsite.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointportalsite.ico.adv")) returned 1 [0038.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0038.509] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="SharePointTeamSite.ico", cAlternateFileName="SHAREP~2.ICO")) returned 1 [0038.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0038.509] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.509] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointteamsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0038.510] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x627e, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x627e, lpOverlapped=0x0) returned 1 [0038.512] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.512] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x627e, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x627e, lpOverlapped=0x0) returned 1 [0038.512] CloseHandle (hObject=0x3c) returned 1 [0038.512] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0038.512] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointteamsite.ico"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointteamsite.ico.adv")) returned 1 [0038.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0038.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0038.513] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0038.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0038.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0038.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0038.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2048 [0038.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.513] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x19, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0038.514] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x19, cFileName="..", cAlternateFileName="")) returned 1 [0038.514] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x19, cFileName="1036", cAlternateFileName="")) returned 1 [0038.514] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0038.514] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0038.514] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.514] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0038.514] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0038.516] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="..", cAlternateFileName="")) returned 1 [0038.517] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0038.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.517] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.517] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.518] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3960, lpOverlapped=0x0) returned 1 [0038.520] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.520] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3960, lpOverlapped=0x0) returned 1 [0038.520] CloseHandle (hObject=0x44) returned 1 [0038.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.520] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll.adv")) returned 1 [0038.521] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.521] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.521] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0038.521] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.521] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.521] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.521] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.522] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbf60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xbf60, lpOverlapped=0x0) returned 1 [0038.524] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.524] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbf60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xbf60, lpOverlapped=0x0) returned 1 [0038.524] CloseHandle (hObject=0x44) returned 1 [0038.524] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.524] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll.adv")) returned 1 [0038.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.525] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0038.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.525] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.526] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3d960, lpOverlapped=0x0) returned 1 [0038.549] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.549] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3d960, lpOverlapped=0x0) returned 1 [0038.549] CloseHandle (hObject=0x44) returned 1 [0038.550] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.550] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll.adv")) returned 1 [0038.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.551] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x49f60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0038.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.551] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.556] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x49f60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x49f60, lpOverlapped=0x0) returned 1 [0038.560] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.560] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x49f60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x49f60, lpOverlapped=0x0) returned 1 [0038.561] CloseHandle (hObject=0x44) returned 1 [0038.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.561] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll.adv")) returned 1 [0038.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.562] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0038.562] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.562] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.562] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.562] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.563] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc160, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xc160, lpOverlapped=0x0) returned 1 [0038.568] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.568] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc160, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xc160, lpOverlapped=0x0) returned 1 [0038.568] CloseHandle (hObject=0x44) returned 1 [0038.568] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.568] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll.adv")) returned 1 [0038.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.569] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x17960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0038.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.569] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.569] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.570] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x17960, lpOverlapped=0x0) returned 1 [0038.572] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.572] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x17960, lpOverlapped=0x0) returned 1 [0038.572] CloseHandle (hObject=0x44) returned 1 [0038.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.573] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll.adv")) returned 1 [0038.573] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.573] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.573] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2ced60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0038.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.573] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.573] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.574] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2ced60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2ced60, lpOverlapped=0x0) returned 1 [0038.629] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.630] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2ced60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2ced60, lpOverlapped=0x0) returned 1 [0038.657] CloseHandle (hObject=0x44) returned 1 [0038.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.657] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll.adv")) returned 1 [0038.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.658] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa381000, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xaa381000, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0038.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.658] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.660] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb360, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xb360, lpOverlapped=0x0) returned 1 [0038.662] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.663] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb360, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xb360, lpOverlapped=0x0) returned 1 [0038.663] CloseHandle (hObject=0x44) returned 1 [0038.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.663] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll.adv")) returned 1 [0038.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.664] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0038.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.664] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.665] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7b60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x7b60, lpOverlapped=0x0) returned 1 [0038.666] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.666] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7b60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x7b60, lpOverlapped=0x0) returned 1 [0038.667] CloseHandle (hObject=0x44) returned 1 [0038.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.667] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll.adv")) returned 1 [0038.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.668] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3fb60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0038.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.668] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.669] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fb60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3fb60, lpOverlapped=0x0) returned 1 [0038.672] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.672] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fb60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3fb60, lpOverlapped=0x0) returned 1 [0038.673] CloseHandle (hObject=0x44) returned 1 [0038.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.673] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll.adv")) returned 1 [0038.674] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.674] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.674] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x37560, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0038.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.674] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.674] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.675] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x37560, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x37560, lpOverlapped=0x0) returned 1 [0038.679] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.679] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x37560, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x37560, lpOverlapped=0x0) returned 1 [0038.679] CloseHandle (hObject=0x44) returned 1 [0038.679] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.679] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll.adv")) returned 1 [0038.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.680] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0xa6560, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0038.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.680] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.681] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa6560, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xa6560, lpOverlapped=0x0) returned 1 [0038.689] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.689] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa6560, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xa6560, lpOverlapped=0x0) returned 1 [0038.691] CloseHandle (hObject=0x44) returned 1 [0038.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.691] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll.adv")) returned 1 [0038.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.692] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2b60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0038.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.692] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.692] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2b60, lpOverlapped=0x0) returned 1 [0038.694] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.694] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2b60, lpOverlapped=0x0) returned 1 [0038.694] CloseHandle (hObject=0x44) returned 1 [0038.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.694] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll.adv")) returned 1 [0038.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.695] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0xcd60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0038.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.695] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.695] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.698] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcd60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xcd60, lpOverlapped=0x0) returned 1 [0038.700] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.700] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcd60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xcd60, lpOverlapped=0x0) returned 1 [0038.700] CloseHandle (hObject=0x44) returned 1 [0038.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.700] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll.adv")) returned 1 [0038.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.701] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0x45f60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0038.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.701] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.702] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x45f60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x45f60, lpOverlapped=0x0) returned 1 [0038.707] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.707] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x45f60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x45f60, lpOverlapped=0x0) returned 1 [0038.708] CloseHandle (hObject=0x44) returned 1 [0038.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.708] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll.adv")) returned 1 [0038.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.709] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3b09500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa3b09500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a360, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0038.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.709] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.710] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a360, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x1a360, lpOverlapped=0x0) returned 1 [0038.712] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.712] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a360, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x1a360, lpOverlapped=0x0) returned 1 [0038.713] CloseHandle (hObject=0x44) returned 1 [0038.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.713] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll.adv")) returned 1 [0038.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.713] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x8e160, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0038.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.714] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.714] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8e160, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x8e160, lpOverlapped=0x0) returned 1 [0038.721] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.721] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8e160, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x8e160, lpOverlapped=0x0) returned 1 [0038.723] CloseHandle (hObject=0x44) returned 1 [0038.723] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.723] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll.adv")) returned 1 [0038.724] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.724] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.724] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749d2200, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x749d2200, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x5ab60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0038.724] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.724] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.724] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.724] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.725] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5ab60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x5ab60, lpOverlapped=0x0) returned 1 [0038.730] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.730] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5ab60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x5ab60, lpOverlapped=0x0) returned 1 [0038.731] CloseHandle (hObject=0x44) returned 1 [0038.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.731] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll.adv")) returned 1 [0038.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.731] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d7a1200, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6d7a1200, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0038.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.732] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.732] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3360, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3360, lpOverlapped=0x0) returned 1 [0038.734] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.734] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3360, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3360, lpOverlapped=0x0) returned 1 [0038.734] CloseHandle (hObject=0x44) returned 1 [0038.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.734] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll.adv")) returned 1 [0038.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.743] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8e7d800, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xc8e7d800, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4160, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0038.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.743] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.744] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4160, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4160, lpOverlapped=0x0) returned 1 [0038.746] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.746] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4160, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4160, lpOverlapped=0x0) returned 1 [0038.746] CloseHandle (hObject=0x44) returned 1 [0038.746] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.746] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll.adv")) returned 1 [0038.746] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.746] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.746] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0038.747] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.747] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.747] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.748] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x6960, lpOverlapped=0x0) returned 1 [0038.750] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.750] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x6960, lpOverlapped=0x0) returned 1 [0038.750] CloseHandle (hObject=0x44) returned 1 [0038.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.750] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll.adv")) returned 1 [0038.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.751] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a315700, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a315700, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x77560, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0038.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.751] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.751] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x77560, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x77560, lpOverlapped=0x0) returned 1 [0038.757] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.757] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x77560, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x77560, lpOverlapped=0x0) returned 1 [0038.758] CloseHandle (hObject=0x44) returned 1 [0038.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.759] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll.adv")) returned 1 [0038.759] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.759] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.759] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x25b60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0038.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.759] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.759] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.759] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.760] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x25b60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x25b60, lpOverlapped=0x0) returned 1 [0038.764] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.764] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x25b60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x25b60, lpOverlapped=0x0) returned 1 [0038.765] CloseHandle (hObject=0x44) returned 1 [0038.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.765] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll.adv")) returned 1 [0038.765] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.765] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.765] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x115b60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0038.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.765] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.765] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.766] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x115b60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x115b60, lpOverlapped=0x0) returned 1 [0038.786] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.786] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x115b60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x115b60, lpOverlapped=0x0) returned 1 [0038.791] CloseHandle (hObject=0x44) returned 1 [0038.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.791] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll.adv")) returned 1 [0038.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.792] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b688100, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6b688100, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x25360, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0038.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.792] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.793] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x25360, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x25360, lpOverlapped=0x0) returned 1 [0038.796] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.796] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x25360, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x25360, lpOverlapped=0x0) returned 1 [0038.796] CloseHandle (hObject=0x44) returned 1 [0038.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.796] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll.adv")) returned 1 [0038.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.797] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a375400, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a375400, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x137960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0038.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.797] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.797] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x137960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x137960, lpOverlapped=0x0) returned 1 [0038.817] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.817] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x137960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x137960, lpOverlapped=0x0) returned 1 [0038.823] CloseHandle (hObject=0x44) returned 1 [0038.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.823] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll.adv")) returned 1 [0038.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.824] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0038.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.824] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.824] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3d60, lpOverlapped=0x0) returned 1 [0038.828] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.828] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3d60, lpOverlapped=0x0) returned 1 [0038.828] CloseHandle (hObject=0x44) returned 1 [0038.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.828] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll.adv")) returned 1 [0038.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.829] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0038.829] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0038.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0038.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0038.829] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x19, cFileName="3082", cAlternateFileName="")) returned 1 [0038.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0038.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0038.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0038.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0038.829] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0038.831] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="..", cAlternateFileName="")) returned 1 [0038.833] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0038.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.833] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.834] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3760, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3760, lpOverlapped=0x0) returned 1 [0038.835] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.835] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3760, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3760, lpOverlapped=0x0) returned 1 [0038.835] CloseHandle (hObject=0x44) returned 1 [0038.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.836] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll.adv")) returned 1 [0038.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.836] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xb960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0038.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.836] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.836] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.837] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xb960, lpOverlapped=0x0) returned 1 [0038.839] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.839] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xb960, lpOverlapped=0x0) returned 1 [0038.839] CloseHandle (hObject=0x44) returned 1 [0038.839] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.839] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll.adv")) returned 1 [0038.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.840] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x39960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0038.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.840] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.840] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x39960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x39960, lpOverlapped=0x0) returned 1 [0038.844] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.844] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x39960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x39960, lpOverlapped=0x0) returned 1 [0038.845] CloseHandle (hObject=0x44) returned 1 [0038.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.845] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll.adv")) returned 1 [0038.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.845] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x47d60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0038.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.845] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.846] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x47d60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x47d60, lpOverlapped=0x0) returned 1 [0038.850] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.850] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x47d60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x47d60, lpOverlapped=0x0) returned 1 [0038.851] CloseHandle (hObject=0x44) returned 1 [0038.851] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.851] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll.adv")) returned 1 [0038.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.852] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0038.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.852] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.853] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc160, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xc160, lpOverlapped=0x0) returned 1 [0038.855] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.855] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc160, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xc160, lpOverlapped=0x0) returned 1 [0038.855] CloseHandle (hObject=0x44) returned 1 [0038.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.856] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll.adv")) returned 1 [0038.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.856] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x248aaf00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x16f60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0038.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.856] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.857] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16f60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x16f60, lpOverlapped=0x0) returned 1 [0038.859] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.859] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16f60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x16f60, lpOverlapped=0x0) returned 1 [0038.859] CloseHandle (hObject=0x44) returned 1 [0038.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.860] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll.adv")) returned 1 [0038.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.860] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x25bbdc00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2b2560, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0038.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.860] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.861] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b2560, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2b2560, lpOverlapped=0x0) returned 1 [0038.905] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.905] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b2560, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2b2560, lpOverlapped=0x0) returned 1 [0038.931] CloseHandle (hObject=0x44) returned 1 [0038.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.931] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll.adv")) returned 1 [0038.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.932] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3564d600, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0038.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.932] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.933] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb360, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xb360, lpOverlapped=0x0) returned 1 [0038.935] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.935] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb360, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xb360, lpOverlapped=0x0) returned 1 [0038.935] CloseHandle (hObject=0x44) returned 1 [0038.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.935] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll.adv")) returned 1 [0038.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.936] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63b88300, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0038.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.936] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.936] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7b60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x7b60, lpOverlapped=0x0) returned 1 [0038.938] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.938] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7b60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x7b60, lpOverlapped=0x0) returned 1 [0038.938] CloseHandle (hObject=0x44) returned 1 [0038.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.938] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll.adv")) returned 1 [0038.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.939] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x62875600, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0038.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.939] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.939] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.939] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3d960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3d960, lpOverlapped=0x0) returned 1 [0038.943] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.943] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3d960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3d960, lpOverlapped=0x0) returned 1 [0038.944] CloseHandle (hObject=0x44) returned 1 [0038.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.944] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll.adv")) returned 1 [0038.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.945] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x35960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0038.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.945] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.945] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x35960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x35960, lpOverlapped=0x0) returned 1 [0038.948] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.948] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x35960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x35960, lpOverlapped=0x0) returned 1 [0038.949] CloseHandle (hObject=0x44) returned 1 [0038.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.949] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll.adv")) returned 1 [0038.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.950] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x9f560, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0038.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.950] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.950] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9f560, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x9f560, lpOverlapped=0x0) returned 1 [0038.958] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.958] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9f560, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x9f560, lpOverlapped=0x0) returned 1 [0038.960] CloseHandle (hObject=0x44) returned 1 [0038.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.960] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll.adv")) returned 1 [0038.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.960] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x315ed100, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0038.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.960] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.961] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2d60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2d60, lpOverlapped=0x0) returned 1 [0038.962] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.963] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2d60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2d60, lpOverlapped=0x0) returned 1 [0038.963] CloseHandle (hObject=0x44) returned 1 [0038.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.963] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll.adv")) returned 1 [0038.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.963] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1a4a9400, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0xd160, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0038.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.963] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.963] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.964] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd160, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xd160, lpOverlapped=0x0) returned 1 [0038.966] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.966] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd160, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xd160, lpOverlapped=0x0) returned 1 [0038.966] CloseHandle (hObject=0x44) returned 1 [0038.966] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.966] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll.adv")) returned 1 [0038.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.967] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x19196700, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0x43560, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0038.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.967] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.967] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43560, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x43560, lpOverlapped=0x0) returned 1 [0038.971] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.971] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43560, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x43560, lpOverlapped=0x0) returned 1 [0038.972] CloseHandle (hObject=0x44) returned 1 [0038.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.972] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll.adv")) returned 1 [0038.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.973] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a560, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0038.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.973] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.973] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a560, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x1a560, lpOverlapped=0x0) returned 1 [0038.976] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.976] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a560, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x1a560, lpOverlapped=0x0) returned 1 [0038.976] CloseHandle (hObject=0x44) returned 1 [0038.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.976] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll.adv")) returned 1 [0038.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.977] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x57655500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x87f60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0038.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.977] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.977] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x87f60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x87f60, lpOverlapped=0x0) returned 1 [0038.984] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.984] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x87f60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x87f60, lpOverlapped=0x0) returned 1 [0038.986] CloseHandle (hObject=0x44) returned 1 [0038.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.986] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll.adv")) returned 1 [0038.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.986] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2720b500, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x57f60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0038.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.986] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.986] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.987] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x57f60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x57f60, lpOverlapped=0x0) returned 1 [0038.992] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.992] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x57f60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x57f60, lpOverlapped=0x0) returned 1 [0038.993] CloseHandle (hObject=0x44) returned 1 [0038.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.993] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll.adv")) returned 1 [0038.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.994] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x94d0df00, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0038.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.994] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.994] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3360, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3360, lpOverlapped=0x0) returned 1 [0038.996] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.996] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3360, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3360, lpOverlapped=0x0) returned 1 [0038.996] CloseHandle (hObject=0x44) returned 1 [0038.996] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.996] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll.adv")) returned 1 [0038.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0038.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0038.997] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xca190500, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0038.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0038.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0038.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0038.997] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0038.997] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4360, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4360, lpOverlapped=0x0) returned 1 [0038.999] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0038.999] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4360, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4360, lpOverlapped=0x0) returned 1 [0038.999] CloseHandle (hObject=0x44) returned 1 [0038.999] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0038.999] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll.adv")) returned 1 [0039.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0039.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.000] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0039.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0039.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0039.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0039.000] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.000] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x6960, lpOverlapped=0x0) returned 1 [0039.002] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.002] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x6960, lpOverlapped=0x0) returned 1 [0039.002] CloseHandle (hObject=0x44) returned 1 [0039.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0039.002] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll.adv")) returned 1 [0039.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0039.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.003] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x70273800, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x73960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0039.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0039.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0039.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0039.003] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.003] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x73960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x73960, lpOverlapped=0x0) returned 1 [0039.009] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.009] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x73960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x73960, lpOverlapped=0x0) returned 1 [0039.010] CloseHandle (hObject=0x44) returned 1 [0039.010] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0039.011] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll.adv")) returned 1 [0039.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0039.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.011] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa1789a00, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x24360, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0039.011] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0039.011] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0039.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0039.011] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.012] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24360, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x24360, lpOverlapped=0x0) returned 1 [0039.014] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.014] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24360, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x24360, lpOverlapped=0x0) returned 1 [0039.015] CloseHandle (hObject=0x44) returned 1 [0039.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0039.015] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll.adv")) returned 1 [0039.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0039.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.016] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa2a9c700, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x110b60, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0039.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0039.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0039.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0039.016] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.017] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x110b60, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x110b60, lpOverlapped=0x0) returned 1 [0039.038] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.038] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x110b60, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x110b60, lpOverlapped=0x0) returned 1 [0039.043] CloseHandle (hObject=0x44) returned 1 [0039.043] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0039.043] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll.adv")) returned 1 [0039.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0039.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.044] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x23960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0039.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0039.044] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0039.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0039.044] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.044] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x23960, lpOverlapped=0x0) returned 1 [0039.047] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.047] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x23960, lpOverlapped=0x0) returned 1 [0039.048] CloseHandle (hObject=0x44) returned 1 [0039.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0039.048] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll.adv")) returned 1 [0039.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0039.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.049] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x126760, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0039.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0039.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0039.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0039.049] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.049] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x126760, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x126760, lpOverlapped=0x0) returned 1 [0039.069] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.069] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x126760, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x126760, lpOverlapped=0x0) returned 1 [0039.074] CloseHandle (hObject=0x44) returned 1 [0039.074] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0039.074] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll.adv")) returned 1 [0039.075] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0039.075] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.075] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0039.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0039.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0039.075] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0039.075] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.075] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3960, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x3960, lpOverlapped=0x0) returned 1 [0039.077] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.077] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3960, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x3960, lpOverlapped=0x0) returned 1 [0039.077] CloseHandle (hObject=0x44) returned 1 [0039.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0039.077] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.adv" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll.adv")) returned 1 [0039.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0039.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.078] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x1d301be, dwReserved1=0xeed38550, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0039.078] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0039.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0039.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.078] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x19, cFileName="3082", cAlternateFileName="")) returned 0 [0039.078] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.078] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 0 [0039.078] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0039.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0039.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0039.078] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0039.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0039.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0039.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.078] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0039.079] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0039.079] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Cache", cAlternateFileName="")) returned 1 [0039.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0039.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e1ed8 [0039.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0039.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fa0 [0039.079] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d301bf, dwReserved1=0xfa44d4a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.079] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d301bf, dwReserved1=0xfa44d4a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.079] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x1d301bf, dwReserved1=0xfa44d4a0, cFileName="cache.dat", cAlternateFileName="")) returned 1 [0039.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2038 [0039.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0039.079] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.079] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40270, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x40270, lpOverlapped=0x0) returned 1 [0039.086] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.086] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40270, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x40270, lpOverlapped=0x0) returned 1 [0039.086] CloseHandle (hObject=0x40) returned 1 [0039.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e2038 [0039.086] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.adv" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat.adv")) returned 1 [0039.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0039.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.087] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x1d301bf, dwReserved1=0xfa44d4a0, cFileName="cache.dat", cAlternateFileName="")) returned 0 [0039.087] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa0 | out: hHeap=0x6d0000) returned 1 [0039.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.087] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0039.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0039.087] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e1ed8 [0039.087] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0039.087] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0039.088] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x469bd5, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x469bd5, lpOverlapped=0x0) returned 1 [0039.163] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.163] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x469bd5, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x469bd5, lpOverlapped=0x0) returned 1 [0039.223] CloseHandle (hObject=0x3c) returned 1 [0039.223] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e1fa0 [0039.223] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.adv" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.adv")) returned 1 [0039.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa0 | out: hHeap=0x6d0000) returned 1 [0039.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.224] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="tokens.dat", cAlternateFileName="")) returned 0 [0039.224] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0039.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0039.224] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="RAC", cAlternateFileName="")) returned 1 [0039.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0039.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0039.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0039.224] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0039.224] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0039.224] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Outbound", cAlternateFileName="")) returned 1 [0039.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.225] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.225] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="..", cAlternateFileName="")) returned 1 [0039.225] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="..", cAlternateFileName="")) returned 0 [0039.225] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.225] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b503bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b503bb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="PublishedData", cAlternateFileName="PUBLIS~1")) returned 1 [0039.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2048 [0039.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.225] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b503bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b503bb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.225] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b503bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b503bb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="..", cAlternateFileName="")) returned 1 [0039.226] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7b503bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9f405e10, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x45000, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 1 [0039.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0039.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.226] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.226] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7b503bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9f405e10, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x45000, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0039.226] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.226] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b503bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b503bb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="StateData", cAlternateFileName="STATED~1")) returned 1 [0039.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.226] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b503bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b503bb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.226] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b503bb0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b503bb0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="..", cAlternateFileName="")) returned 1 [0039.226] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb35800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xecb35800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9f3b9b50, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="RacDatabase.sdf", cAlternateFileName="RACDAT~1.SDF")) returned 1 [0039.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0039.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.227] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0039.227] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0039.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0039.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.227] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0039.227] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0039.227] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.227] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b5e83f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b5e83f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Temp", cAlternateFileName="")) returned 1 [0039.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0039.227] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b5e83f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b5e83f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.227] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b5e83f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b5e83f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="..", cAlternateFileName="")) returned 1 [0039.227] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b5c2290, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0x7b5c2290, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b5c2290, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="sql447E.tmp", cAlternateFileName="")) returned 1 [0039.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2090 [0039.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0039.228] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql447E.tmp" (normalized: "c:\\users\\all users\\microsoft\\rac\\temp\\sql447e.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.228] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b5e83f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0x7b5e83f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b5e83f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="sql448F.tmp", cAlternateFileName="")) returned 1 [0039.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2090 [0039.228] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0039.228] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql448F.tmp" (normalized: "c:\\users\\all users\\microsoft\\rac\\temp\\sql448f.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.228] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b5e83f0, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0x7b5e83f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b5e83f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="sql448F.tmp", cAlternateFileName="")) returned 0 [0039.228] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0039.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.228] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7b5e83f0, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x7b5e83f0, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Temp", cAlternateFileName="")) returned 0 [0039.228] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0039.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0039.228] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0039.228] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Search", cAlternateFileName="")) returned 1 [0039.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0039.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0039.229] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0039.229] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0039.229] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0039.229] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Data", cAlternateFileName="")) returned 1 [0039.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.229] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.229] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27df8b60, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.229] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27df8b60, cFileName="..", cAlternateFileName="")) returned 1 [0039.229] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27df8b60, cFileName="Applications", cAlternateFileName="APPLIC~1")) returned 1 [0039.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0039.229] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0039.229] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0039.230] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="..", cAlternateFileName="")) returned 1 [0039.230] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="Windows", cAlternateFileName="")) returned 1 [0039.230] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0039.230] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0039.230] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0039.230] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0039.231] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.232] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="..", cAlternateFileName="")) returned 1 [0039.232] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="Config", cAlternateFileName="")) returned 1 [0039.232] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.232] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0039.232] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.232] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0039.232] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Config\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29612a20, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0039.233] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29612a20, cFileName="..", cAlternateFileName="")) returned 1 [0039.233] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29612a20, cFileName="..", cAlternateFileName="")) returned 0 [0039.233] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0039.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0039.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0039.233] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="GatherLogs", cAlternateFileName="GATHER~1")) returned 1 [0039.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0039.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0039.233] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29612a20, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0039.233] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29612a20, cFileName="..", cAlternateFileName="")) returned 1 [0039.233] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29612a20, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 1 [0039.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ad0 [0039.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.233] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0039.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ad0 [0039.233] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29932700, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0039.234] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29932700, cFileName="..", cAlternateFileName="")) returned 1 [0039.234] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b773330, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x13a, dwReserved0=0x1d2dd9c, dwReserved1=0x29932700, cFileName="SystemIndex.1.Crwl", cAlternateFileName="SYSTEM~1.CRW")) returned 1 [0039.234] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3870 [0039.234] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3870 | out: hHeap=0x6d0000) returned 1 [0039.234] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.Crwl" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.crwl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0039.235] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13a, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x13a, lpOverlapped=0x0) returned 1 [0039.236] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.236] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13a, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x13a, lpOverlapped=0x0) returned 1 [0039.236] CloseHandle (hObject=0x50) returned 1 [0039.236] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.Crwl" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.crwl"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.Crwl.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.crwl.adv")) returned 1 [0039.237] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a38 | out: hHeap=0x6d0000) returned 1 [0039.237] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3928 | out: hHeap=0x6d0000) returned 1 [0039.237] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b773330, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x1d2dd9c, dwReserved1=0x29932700, cFileName="SystemIndex.1.gthr", cAlternateFileName="SYSTEM~1.GTH")) returned 1 [0039.237] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3870 [0039.237] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3928 [0039.237] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3870 | out: hHeap=0x6d0000) returned 1 [0039.237] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.gthr" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.gthr"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0039.237] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x22e, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x22e, lpOverlapped=0x0) returned 1 [0039.238] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.238] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x22e, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x22e, lpOverlapped=0x0) returned 1 [0039.238] CloseHandle (hObject=0x50) returned 1 [0039.238] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3a38 [0039.239] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.gthr" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.gthr"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\GatherLogs\\SystemIndex\\SystemIndex.1.gthr.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\gatherlogs\\systemindex\\systemindex.1.gthr.adv")) returned 1 [0039.239] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a38 | out: hHeap=0x6d0000) returned 1 [0039.239] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3928 | out: hHeap=0x6d0000) returned 1 [0039.239] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b773330, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x1d2dd9c, dwReserved1=0x29932700, cFileName="SystemIndex.1.gthr", cAlternateFileName="SYSTEM~1.GTH")) returned 0 [0039.239] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0039.239] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0039.239] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.239] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29612a20, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 0 [0039.239] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0039.240] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0039.240] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0039.240] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29612a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="MSS.chk", cAlternateFileName="")) returned 1 [0039.240] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.240] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0039.240] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.240] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.chk" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mss.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.241] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2000, lpOverlapped=0x0) returned 1 [0039.242] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.242] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2000, lpOverlapped=0x0) returned 1 [0039.242] CloseHandle (hObject=0x48) returned 1 [0039.242] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0039.242] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.chk" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mss.chk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.chk.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mss.chk.adv")) returned 1 [0039.243] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0039.243] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0039.243] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x295a0600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x295a0600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="MSS.log", cAlternateFileName="")) returned 1 [0039.243] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.243] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0039.243] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.243] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mss.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.244] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x100000, lpOverlapped=0x0) returned 1 [0039.254] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.254] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x100000, lpOverlapped=0x0) returned 1 [0039.257] CloseHandle (hObject=0x48) returned 1 [0039.257] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0039.257] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mss.log"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSS.log.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mss.log.adv")) returned 1 [0039.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0039.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0039.259] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x295c6760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x295c6760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x295ec8c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="MSSres00001.jrs", cAlternateFileName="MSSRES~1.JRS")) returned 1 [0039.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.259] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0039.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.260] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00001.jrs" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mssres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.260] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x100000, lpOverlapped=0x0) returned 1 [0039.270] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.270] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x100000, lpOverlapped=0x0) returned 1 [0039.273] CloseHandle (hObject=0x48) returned 1 [0039.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0039.273] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00001.jrs" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mssres00001.jrs"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00001.jrs.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mssres00001.jrs.adv")) returned 1 [0039.273] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0039.273] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0039.273] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x295ec8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x295ec8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x295ec8c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="MSSres00002.jrs", cAlternateFileName="MSSRES~2.JRS")) returned 1 [0039.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0039.273] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.273] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00002.jrs" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mssres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.274] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x100000, lpOverlapped=0x0) returned 1 [0039.284] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.284] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x100000, lpOverlapped=0x0) returned 1 [0039.286] CloseHandle (hObject=0x48) returned 1 [0039.286] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0039.286] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00002.jrs" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mssres00002.jrs"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\MSSres00002.jrs.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\mssres00002.jrs.adv")) returned 1 [0039.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0039.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0039.287] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27eb7240, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="Projects", cAlternateFileName="")) returned 1 [0039.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0039.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0039.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0ac0 [0039.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0039.287] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27eb7240, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x8, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0039.287] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27eb7240, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x8, cFileName="..", cAlternateFileName="")) returned 1 [0039.287] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x8, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 1 [0039.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0039.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0039.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.287] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27eb7240, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0039.289] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27eb7240, cFileName="..", cAlternateFileName="")) returned 1 [0039.289] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27eb7240, cFileName="Indexer", cAlternateFileName="")) returned 1 [0039.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0039.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0039.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0039.289] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName=".", cAlternateFileName="")) returned 0x6edac8 [0039.290] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="..", cAlternateFileName="")) returned 1 [0039.290] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiFiles", cAlternateFileName="")) returned 1 [0039.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ba0 [0039.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3c68 [0039.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ba0 | out: hHeap=0x6d0000) returned 1 [0039.290] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3d90 [0039.290] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\*", lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName=".", cAlternateFileName="")) returned 0x6edb08 [0039.292] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="..", cAlternateFileName="")) returned 1 [0039.292] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299f0de0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299f0de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a16f40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiAB0001.000", cAlternateFileName="")) returned 1 [0039.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.292] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.292] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf0, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xf0, lpOverlapped=0x0) returned 1 [0039.293] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.293] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xf0, lpOverlapped=0x0) returned 1 [0039.293] CloseHandle (hObject=0x58) returned 1 [0039.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.293] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.000"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.000.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.000.adv")) returned 1 [0039.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.294] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a16f40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a16f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a16f40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiAB0001.001", cAlternateFileName="")) returned 1 [0039.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.294] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.295] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.295] CloseHandle (hObject=0x58) returned 1 [0039.295] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.295] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.001"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.001.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.001.adv")) returned 1 [0039.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.296] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a16f40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a16f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a16f40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiAB0001.002", cAlternateFileName="")) returned 1 [0039.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.296] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.002"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.296] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.296] CloseHandle (hObject=0x58) returned 1 [0039.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.296] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.002"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.002.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0001.002.adv")) returned 1 [0039.297] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.297] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.297] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a3d0a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiAB0002.000", cAlternateFileName="")) returned 1 [0039.297] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.297] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.297] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.297] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.297] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf0, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xf0, lpOverlapped=0x0) returned 1 [0039.298] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.298] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xf0, lpOverlapped=0x0) returned 1 [0039.298] CloseHandle (hObject=0x58) returned 1 [0039.299] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.299] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.000"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.000.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.000.adv")) returned 1 [0039.299] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.299] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.299] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a3d0a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiAB0002.001", cAlternateFileName="")) returned 1 [0039.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.300] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.300] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.300] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.300] CloseHandle (hObject=0x58) returned 1 [0039.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.300] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.001"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.001.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.001.adv")) returned 1 [0039.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.301] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a3d0a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiAB0002.002", cAlternateFileName="")) returned 1 [0039.301] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.301] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.301] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.002"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.302] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.302] CloseHandle (hObject=0x58) returned 1 [0039.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.302] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.002"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0002.002.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciab0002.002.adv")) returned 1 [0039.302] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.302] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.302] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299cac80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299cac80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x299f0de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiAD0001.000", cAlternateFileName="")) returned 1 [0039.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.303] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.303] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf0, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xf0, lpOverlapped=0x0) returned 1 [0039.304] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.304] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xf0, lpOverlapped=0x0) returned 1 [0039.305] CloseHandle (hObject=0x58) returned 1 [0039.305] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.305] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.000"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.000.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.000.adv")) returned 1 [0039.305] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.305] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.305] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299cac80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299cac80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x299cac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiAD0001.001", cAlternateFileName="")) returned 1 [0039.305] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.305] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.305] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.305] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.306] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.306] CloseHandle (hObject=0x58) returned 1 [0039.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.306] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.001"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.001.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.001.adv")) returned 1 [0039.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.307] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299cac80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299cac80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x299cac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiAD0001.002", cAlternateFileName="")) returned 1 [0039.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.307] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.002"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.308] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.308] CloseHandle (hObject=0x58) returned 1 [0039.308] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.308] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.002"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAD0001.002.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\ciad0001.002.adv")) returned 1 [0039.308] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.308] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.308] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2997e9c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2997e9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="INDEX.000", cAlternateFileName="")) returned 1 [0039.308] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.308] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.308] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.309] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.309] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf0, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0xf0, lpOverlapped=0x0) returned 1 [0039.310] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.310] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0xf0, lpOverlapped=0x0) returned 1 [0039.310] CloseHandle (hObject=0x58) returned 1 [0039.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.311] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.000"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.000.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.000.adv")) returned 1 [0039.311] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.311] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.311] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2997e9c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2997e9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2997e9c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="INDEX.001", cAlternateFileName="")) returned 1 [0039.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.311] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.311] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.312] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x10000, lpOverlapped=0x0) returned 1 [0039.314] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.314] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x10000, lpOverlapped=0x0) returned 1 [0039.314] CloseHandle (hObject=0x58) returned 1 [0039.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.314] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.001"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.001.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.001.adv")) returned 1 [0039.315] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.315] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.315] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2997e9c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2997e9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2997e9c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="INDEX.002", cAlternateFileName="")) returned 1 [0039.315] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.315] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.315] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.315] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.002"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.315] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x10000, lpOverlapped=0x0) returned 1 [0039.318] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.318] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x10000, lpOverlapped=0x0) returned 1 [0039.318] CloseHandle (hObject=0x58) returned 1 [0039.318] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.318] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.002"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\INDEX.002.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\index.002.adv")) returned 1 [0039.319] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.319] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.319] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="SETTINGS.DIA", cAlternateFileName="")) returned 1 [0039.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3e68 [0039.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3f40 [0039.319] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3e68 | out: hHeap=0x6d0000) returned 1 [0039.319] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\SETTINGS.DIA" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\settings.dia"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0039.320] ReadFile (in: hFile=0x58, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31d9ac*=0x4, lpOverlapped=0x0) returned 1 [0039.321] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.321] WriteFile (in: hFile=0x58, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x31d9ac, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31d9ac*=0x4, lpOverlapped=0x0) returned 1 [0039.321] CloseHandle (hObject=0x58) returned 1 [0039.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e4080 [0039.321] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\SETTINGS.DIA" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\settings.dia"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\SETTINGS.DIA.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\indexer\\cifiles\\settings.dia.adv")) returned 1 [0039.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4080 | out: hHeap=0x6d0000) returned 1 [0039.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3f40 | out: hHeap=0x6d0000) returned 1 [0039.321] FindNextFileW (in: hFindFile=0x6edb08, lpFindFileData=0x31d72c | out: lpFindFileData=0x31d72c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="SETTINGS.DIA", cAlternateFileName="")) returned 0 [0039.321] FindClose (in: hFindFile=0x6edb08 | out: hFindFile=0x6edb08) returned 1 [0039.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d90 | out: hHeap=0x6d0000) returned 1 [0039.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c68 | out: hHeap=0x6d0000) returned 1 [0039.322] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiFiles", cAlternateFileName="")) returned 0 [0039.322] FindClose (in: hFindFile=0x6edac8 | out: hFindFile=0x6edac8) returned 1 [0039.322] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0039.322] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0039.322] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27edd3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27eb7240, cFileName="PropMap", cAlternateFileName="")) returned 1 [0039.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0039.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0039.322] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0039.322] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27edd3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName=".", cAlternateFileName="")) returned 0x6edac8 [0039.322] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27edd3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="..", cAlternateFileName="")) returned 1 [0039.322] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiPT0000.000", cAlternateFileName="")) returned 1 [0039.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ba0 [0039.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3c68 [0039.322] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ba0 | out: hHeap=0x6d0000) returned 1 [0039.322] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0039.323] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xf0, lpOverlapped=0x0) returned 1 [0039.323] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.323] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xf0, lpOverlapped=0x0) returned 1 [0039.324] CloseHandle (hObject=0x54) returned 1 [0039.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d90 [0039.324] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000.adv")) returned 1 [0039.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d90 | out: hHeap=0x6d0000) returned 1 [0039.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c68 | out: hHeap=0x6d0000) returned 1 [0039.324] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiPT0000.001", cAlternateFileName="")) returned 1 [0039.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ba0 [0039.324] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3c68 [0039.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ba0 | out: hHeap=0x6d0000) returned 1 [0039.324] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0039.325] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x10000, lpOverlapped=0x0) returned 1 [0039.327] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.327] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x10000, lpOverlapped=0x0) returned 1 [0039.327] CloseHandle (hObject=0x54) returned 1 [0039.327] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d90 [0039.327] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001.adv")) returned 1 [0039.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d90 | out: hHeap=0x6d0000) returned 1 [0039.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c68 | out: hHeap=0x6d0000) returned 1 [0039.328] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiPT0000.002", cAlternateFileName="")) returned 1 [0039.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ba0 [0039.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3c68 [0039.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ba0 | out: hHeap=0x6d0000) returned 1 [0039.328] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0039.328] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x10000, lpOverlapped=0x0) returned 1 [0039.331] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.331] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x10000, lpOverlapped=0x0) returned 1 [0039.331] CloseHandle (hObject=0x54) returned 1 [0039.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d90 [0039.331] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002.adv")) returned 1 [0039.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d90 | out: hHeap=0x6d0000) returned 1 [0039.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c68 | out: hHeap=0x6d0000) returned 1 [0039.333] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiPT0000.002", cAlternateFileName="")) returned 0 [0039.333] FindClose (in: hFindFile=0x6edac8 | out: hFindFile=0x6edac8) returned 1 [0039.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0039.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0039.333] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27eb7240, cFileName="SecStore", cAlternateFileName="")) returned 1 [0039.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0039.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0039.333] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0039.334] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName=".", cAlternateFileName="")) returned 0x6edac8 [0039.334] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="..", cAlternateFileName="")) returned 1 [0039.334] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiST0000.000", cAlternateFileName="")) returned 1 [0039.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ba0 [0039.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3c68 [0039.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ba0 | out: hHeap=0x6d0000) returned 1 [0039.334] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0039.335] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0xf0, lpOverlapped=0x0) returned 1 [0039.336] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.336] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0xf0, lpOverlapped=0x0) returned 1 [0039.344] CloseHandle (hObject=0x54) returned 1 [0039.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d90 [0039.344] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000.adv")) returned 1 [0039.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d90 | out: hHeap=0x6d0000) returned 1 [0039.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c68 | out: hHeap=0x6d0000) returned 1 [0039.345] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiST0000.001", cAlternateFileName="")) returned 1 [0039.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ba0 [0039.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3c68 [0039.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ba0 | out: hHeap=0x6d0000) returned 1 [0039.345] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0039.346] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x10000, lpOverlapped=0x0) returned 1 [0039.349] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.349] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x10000, lpOverlapped=0x0) returned 1 [0039.349] CloseHandle (hObject=0x54) returned 1 [0039.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d90 [0039.350] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001.adv")) returned 1 [0039.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d90 | out: hHeap=0x6d0000) returned 1 [0039.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c68 | out: hHeap=0x6d0000) returned 1 [0039.350] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiST0000.002", cAlternateFileName="")) returned 1 [0039.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ba0 [0039.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3c68 [0039.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ba0 | out: hHeap=0x6d0000) returned 1 [0039.350] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0039.351] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x10000, lpOverlapped=0x0) returned 1 [0039.353] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.353] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x10000, lpOverlapped=0x0) returned 1 [0039.353] CloseHandle (hObject=0x54) returned 1 [0039.353] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d90 [0039.353] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002.adv" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002.adv")) returned 1 [0039.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d90 | out: hHeap=0x6d0000) returned 1 [0039.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c68 | out: hHeap=0x6d0000) returned 1 [0039.355] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1d2dd9c, dwReserved1=0x29958860, cFileName="CiST0000.002", cAlternateFileName="")) returned 0 [0039.355] FindClose (in: hFindFile=0x6edac8 | out: hFindFile=0x6edac8) returned 1 [0039.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0039.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0039.355] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27eb7240, cFileName="SecStore", cAlternateFileName="")) returned 0 [0039.355] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0039.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.355] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x8, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 0 [0039.355] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0039.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0039.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0039.355] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29612a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4810000, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="Windows.edb", cAlternateFileName="")) returned 1 [0039.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0039.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0039.356] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29612a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4810000, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="Windows.edb", cAlternateFileName="")) returned 0 [0039.356] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0039.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.356] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="Windows", cAlternateFileName="")) returned 0 [0039.356] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0039.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0039.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0039.356] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e1ecc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27df8b60, cFileName="Temp", cAlternateFileName="")) returned 1 [0039.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20b0 [0039.356] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0039.356] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="..", cAlternateFileName="")) returned 1 [0039.356] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27e6af80, cFileName="..", cAlternateFileName="")) returned 0 [0039.356] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0039.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0039.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.356] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e1ecc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x27df8b60, cFileName="Temp", cAlternateFileName="")) returned 0 [0039.356] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.357] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Data", cAlternateFileName="")) returned 0 [0039.357] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0039.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0039.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0039.357] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="User Account Pictures", cAlternateFileName="USERAC~1")) returned 1 [0039.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0039.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0039.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0039.357] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0039.357] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0039.357] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29423840, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="5p5NrGJn0jS HALPmcxz.dat", cAlternateFileName="5P5NRG~1.DAT")) returned 1 [0039.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea900 [0039.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1ed8 [0039.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea900 | out: hHeap=0x6d0000) returned 1 [0039.357] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0039.358] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.358] CloseHandle (hObject=0x3c) returned 1 [0039.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e1f88 [0039.358] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat.adv" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat.adv")) returned 1 [0039.358] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0039.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.359] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Default Pictures", cAlternateFileName="DEFAUL~1")) returned 1 [0039.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea900 [0039.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1ed8 [0039.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea900 | out: hHeap=0x6d0000) returned 1 [0039.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f88 [0039.359] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.360] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb, cFileName="..", cAlternateFileName="")) returned 1 [0039.360] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xda0a8861, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile10.bmp", cAlternateFileName="")) returned 1 [0039.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.360] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.362] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb5a2927, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile11.bmp", cAlternateFileName="")) returned 1 [0039.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.362] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.362] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2755d1, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2755d1, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb6d3417, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile12.bmp", cAlternateFileName="")) returned 1 [0039.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.362] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.362] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae29b72e, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae29b72e, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb76b98f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xbeb8, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile13.bmp", cAlternateFileName="")) returned 1 [0039.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.362] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.363] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb82a065, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile14.bmp", cAlternateFileName="")) returned 1 [0039.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.363] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.363] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdbb95fd7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile15.bmp", cAlternateFileName="")) returned 1 [0039.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.364] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.364] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae30db45, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae30db45, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdca9c9ed, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile16.bmp", cAlternateFileName="")) returned 1 [0039.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.364] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.364] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc3f8f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile17.bmp", cAlternateFileName="")) returned 1 [0039.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.364] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.364] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc65a55, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile18.bmp", cAlternateFileName="")) returned 1 [0039.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.364] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.364] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.365] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae359dff, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae359dff, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc8bbb3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile19.bmp", cAlternateFileName="")) returned 1 [0039.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.365] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.365] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae37ff5c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae37ff5c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdccb1d11, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile20.bmp", cAlternateFileName="")) returned 1 [0039.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.366] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.366] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd069f3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile21.bmp", cAlternateFileName="")) returned 1 [0039.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.366] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.366] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd09009d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile22.bmp", cAlternateFileName="")) returned 1 [0039.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.366] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.366] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.367] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3cc216, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3cc216, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd0b61fb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile23.bmp", cAlternateFileName="")) returned 1 [0039.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.367] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.367] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd232fa7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile24.bmp", cAlternateFileName="")) returned 1 [0039.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.367] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.367] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd259105, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile25.bmp", cAlternateFileName="")) returned 1 [0039.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.368] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.368] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd27f263, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile26.bmp", cAlternateFileName="")) returned 1 [0039.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.368] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.369] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4184d0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4184d0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd2a53c1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile27.bmp", cAlternateFileName="")) returned 1 [0039.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.369] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.369] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3177db, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile28.bmp", cAlternateFileName="")) returned 1 [0039.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.369] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.369] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd33d939, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile29.bmp", cAlternateFileName="")) returned 1 [0039.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.369] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.369] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae46478a, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae46478a, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile30.bmp", cAlternateFileName="")) returned 1 [0039.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.369] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.370] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile31.bmp", cAlternateFileName="")) returned 1 [0039.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.370] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.371] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd42216d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile32.bmp", cAlternateFileName="")) returned 1 [0039.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.371] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.371] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.371] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.371] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4b0a44, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4b0a44, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd4482cb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile33.bmp", cAlternateFileName="")) returned 1 [0039.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.371] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.371] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.371] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.371] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9c9561, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile34.bmp", cAlternateFileName="")) returned 1 [0039.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.371] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.371] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.372] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile35.bmp", cAlternateFileName="")) returned 1 [0039.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.372] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.372] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae548fb8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae548fb8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile36.bmp", cAlternateFileName="")) returned 1 [0039.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.372] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.372] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae595272, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae595272, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile37.bmp", cAlternateFileName="")) returned 1 [0039.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.373] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.373] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5bb3cf, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5bb3cf, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile38.bmp", cAlternateFileName="")) returned 1 [0039.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.373] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.374] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5e152c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5e152c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc2ab41, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile39.bmp", cAlternateFileName="")) returned 1 [0039.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.374] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.374] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae607689, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae607689, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc50c9f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile40.bmp", cAlternateFileName="")) returned 1 [0039.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.374] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.374] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae62d7e6, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae62d7e6, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddcc30b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile41.bmp", cAlternateFileName="")) returned 1 [0039.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.374] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.374] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.374] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddce9217, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile42.bmp", cAlternateFileName="")) returned 1 [0039.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.375] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.375] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd0f375, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile43.bmp", cAlternateFileName="")) returned 1 [0039.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.375] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.375] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile44.bmp", cAlternateFileName="")) returned 1 [0039.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2020 [0039.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0039.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2020 | out: hHeap=0x6d0000) returned 1 [0039.375] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.375] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0xb, cFileName="usertile44.bmp", cAlternateFileName="")) returned 0 [0039.375] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0039.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.376] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="guest.bmp", cAlternateFileName="")) returned 1 [0039.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea900 [0039.376] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1ed8 [0039.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea900 | out: hHeap=0x6d0000) returned 1 [0039.376] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0039.377] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xc038, lpOverlapped=0x0) returned 1 [0039.378] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.379] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc038, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xc038, lpOverlapped=0x0) returned 1 [0039.379] CloseHandle (hObject=0x3c) returned 1 [0039.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f88 [0039.379] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp.adv" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp.adv")) returned 1 [0039.379] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0039.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.380] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="user.bmp", cAlternateFileName="")) returned 1 [0039.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea900 [0039.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1ed8 [0039.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea900 | out: hHeap=0x6d0000) returned 1 [0039.380] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0039.380] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc038, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xc038, lpOverlapped=0x0) returned 1 [0039.381] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.381] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc038, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xc038, lpOverlapped=0x0) returned 1 [0039.381] CloseHandle (hObject=0x3c) returned 1 [0039.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0039.381] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp.adv" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user.bmp.adv")) returned 1 [0039.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0039.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.382] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="user.bmp", cAlternateFileName="")) returned 0 [0039.382] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0039.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0039.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0039.382] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Vault", cAlternateFileName="")) returned 1 [0039.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0039.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0039.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0039.382] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Vault\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0039.383] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0039.383] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 0 [0039.383] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0039.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0039.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0039.383] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="VISIO", cAlternateFileName="")) returned 1 [0039.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0039.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0039.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0039.383] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\VISIO\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0039.384] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0039.384] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 0 [0039.384] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0039.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0039.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0039.384] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Windows", cAlternateFileName="")) returned 1 [0039.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0039.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0039.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0039.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0039.384] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0039.384] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0039.384] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd5be7172, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="AIT", cAlternateFileName="")) returned 1 [0039.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.385] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AIT\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd5be7172, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.385] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd5be7172, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.385] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd5be7172, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 0 [0039.385] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.385] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x283ea490, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x9b86da60, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x9b86da60, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Caches", cAlternateFileName="")) returned 1 [0039.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.385] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x283ea490, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x9b86da60, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x9b86da60, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.385] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x283ea490, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x9b86da60, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x9b86da60, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.386] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x284cecd2, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x284cecd2, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x284cecd2, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="cversions.2.db", cAlternateFileName="CVERSI~1.DB")) returned 1 [0039.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0039.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.386] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\cversions.2.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.386] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x4000, lpOverlapped=0x0) returned 1 [0039.387] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.387] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x4000, lpOverlapped=0x0) returned 1 [0039.387] CloseHandle (hObject=0x40) returned 1 [0039.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0039.387] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\cversions.2.db"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\cversions.2.db.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\cversions.2.db.adv")) returned 1 [0039.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0039.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0039.388] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x10f4d170, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x10f4d170, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x10f4d170, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x418, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db", cAlternateFileName="{11336~1.DB")) returned 1 [0039.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0039.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.388] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.389] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x418, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x418, lpOverlapped=0x0) returned 1 [0039.390] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.390] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x418, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x418, lpOverlapped=0x0) returned 1 [0039.390] CloseHandle (hObject=0x40) returned 1 [0039.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2048 [0039.391] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{11336D5B-7F61-4871-82E3-E0F59766823B}.2.ver0x0000000000000001.db.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{11336d5b-7f61-4871-82e3-e0f59766823b}.2.ver0x0000000000000001.db.adv")) returned 1 [0039.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.391] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x75fef9b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x75fef9b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x75fef9b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x4c0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db", cAlternateFileName="{3978E~1.DB")) returned 1 [0039.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0039.391] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.391] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.392] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4c0, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x4c0, lpOverlapped=0x0) returned 1 [0039.393] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.393] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4c0, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x4c0, lpOverlapped=0x0) returned 1 [0039.393] CloseHandle (hObject=0x40) returned 1 [0039.393] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2048 [0039.393] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db.adv")) returned 1 [0039.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.394] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcf67691e, ftCreationTime.dwHighDateTime=0x1cb892d, ftLastAccessTime.dwLowDateTime=0xcf67691e, ftLastAccessTime.dwHighDateTime=0x1cb892d, ftLastWriteTime.dwLowDateTime=0xcf67691e, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x908, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db", cAlternateFileName="{40FC8~1.DB")) returned 1 [0039.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.394] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0039.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.394] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.394] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x908, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x908, lpOverlapped=0x0) returned 1 [0039.395] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.395] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x908, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x908, lpOverlapped=0x0) returned 1 [0039.395] CloseHandle (hObject=0x40) returned 1 [0039.395] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2048 [0039.396] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db.adv")) returned 1 [0039.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.396] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9b7d54e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x9b7d54e0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x9b7d54e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x418, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db", cAlternateFileName="{4E36E~1.DB")) returned 1 [0039.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0039.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.396] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.397] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x418, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x418, lpOverlapped=0x0) returned 1 [0039.397] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.397] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x418, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x418, lpOverlapped=0x0) returned 1 [0039.398] CloseHandle (hObject=0x40) returned 1 [0039.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2048 [0039.398] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db.adv")) returned 1 [0039.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.398] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab9fb9ff, ftCreationTime.dwHighDateTime=0x1cb892d, ftLastAccessTime.dwLowDateTime=0xab9fb9ff, ftLastAccessTime.dwHighDateTime=0x1cb892d, ftLastWriteTime.dwLowDateTime=0xab9fb9ff, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x908, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db", cAlternateFileName="{4E426~2.DB")) returned 1 [0039.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0039.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.399] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.399] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x908, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x908, lpOverlapped=0x0) returned 1 [0039.400] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.400] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x908, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x908, lpOverlapped=0x0) returned 1 [0039.401] CloseHandle (hObject=0x40) returned 1 [0039.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2048 [0039.401] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{4e4260a4-7e39-442e-bc22-7ff751d1c161}.2.ver0x0000000000000002.db.adv")) returned 1 [0039.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.401] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76015b10, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x76015b10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x76015b10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x2f390, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db", cAlternateFileName="{6AF06~1.DB")) returned 1 [0039.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0039.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.402] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.402] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2f390, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x2f390, lpOverlapped=0x0) returned 1 [0039.405] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.405] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2f390, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x2f390, lpOverlapped=0x0) returned 1 [0039.406] CloseHandle (hObject=0x40) returned 1 [0039.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2048 [0039.406] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000011.db.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000011.db.adv")) returned 1 [0039.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.407] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9b8217a0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x9b8217a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x9b8217a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2f5f0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", cAlternateFileName="{6AF06~2.DB")) returned 1 [0039.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0039.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.407] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.407] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2f5f0, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x2f5f0, lpOverlapped=0x0) returned 1 [0039.412] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.412] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2f5f0, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x2f5f0, lpOverlapped=0x0) returned 1 [0039.413] CloseHandle (hObject=0x40) returned 1 [0039.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2048 [0039.413] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db.adv")) returned 1 [0039.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.414] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab96347e, ftCreationTime.dwHighDateTime=0x1cb892d, ftLastAccessTime.dwLowDateTime=0xab96347e, ftLastAccessTime.dwHighDateTime=0x1cb892d, ftLastWriteTime.dwLowDateTime=0xab96347e, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x65578, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", cAlternateFileName="{DDF57~2.DB")) returned 1 [0039.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f08b0 [0039.414] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.414] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.414] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x65578, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x65578, lpOverlapped=0x0) returned 1 [0039.422] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.422] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x65578, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x65578, lpOverlapped=0x0) returned 1 [0039.423] CloseHandle (hObject=0x40) returned 1 [0039.423] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e2048 [0039.423] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db.adv")) returned 1 [0039.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.424] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab96347e, ftCreationTime.dwHighDateTime=0x1cb892d, ftLastAccessTime.dwLowDateTime=0xab96347e, ftLastAccessTime.dwHighDateTime=0x1cb892d, ftLastWriteTime.dwLowDateTime=0xab96347e, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x65578, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", cAlternateFileName="{DDF57~2.DB")) returned 0 [0039.424] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.424] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="DeviceMetadataStore", cAlternateFileName="DEVICE~1")) returned 1 [0039.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0039.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.425] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.425] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.425] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9dbcac, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="en-US", cAlternateFileName="")) returned 1 [0039.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0039.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4930 [0039.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6e1fe0 [0039.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4930 | out: hHeap=0x6d0000) returned 1 [0039.425] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9dbcac, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0039.425] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9dbcac, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="..", cAlternateFileName="")) returned 1 [0039.425] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x3736, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms", cAlternateFileName="")) returned 1 [0039.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4930 [0039.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f08b0 [0039.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4930 | out: hHeap=0x6d0000) returned 1 [0039.426] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.426] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1af79, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms", cAlternateFileName="")) returned 1 [0039.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4930 [0039.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f08b0 [0039.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4930 | out: hHeap=0x6d0000) returned 1 [0039.426] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms" (normalized: "c:\\users\\all users\\microsoft\\windows\\devicemetadatastore\\en-us\\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.426] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1af79, dwReserved0=0x1ca0431, dwReserved1=0xfd9b5b52, cFileName="63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms", cAlternateFileName="")) returned 0 [0039.426] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0039.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0039.426] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9dbcac, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="en-US", cAlternateFileName="")) returned 0 [0039.426] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0039.426] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="DRM", cAlternateFileName="")) returned 1 [0039.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.426] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DRM\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.428] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.428] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Cache", cAlternateFileName="")) returned 1 [0039.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20b0 [0039.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0039.428] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DRM\\Cache\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x80020c30, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0039.428] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x80020c30, cFileName="..", cAlternateFileName="")) returned 1 [0039.428] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x80020c30, cFileName="..", cAlternateFileName="")) returned 0 [0039.428] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0039.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.428] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Cache", cAlternateFileName="")) returned 0 [0039.428] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.428] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeea3462, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="GameExplorer", cAlternateFileName="GAMEEX~1")) returned 1 [0039.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0039.428] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeea3462, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.429] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeea3462, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.429] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeea3462, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 0 [0039.429] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0039.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.429] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80e53620, ftLastAccessTime.dwHighDateTime=0x1d305f5, ftLastWriteTime.dwLowDateTime=0x80e53620, ftLastWriteTime.dwHighDateTime=0x1d305f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Power Efficiency Diagnostics", cAlternateFileName="POWERE~1")) returned 1 [0039.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2038 [0039.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0039.429] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80e53620, ftLastAccessTime.dwHighDateTime=0x1d305f5, ftLastWriteTime.dwLowDateTime=0x80e53620, ftLastWriteTime.dwHighDateTime=0x1d305f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.431] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80e53620, ftLastAccessTime.dwHighDateTime=0x1d305f5, ftLastWriteTime.dwLowDateTime=0x80e53620, ftLastWriteTime.dwHighDateTime=0x1d305f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.431] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4a5dfc0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xb4a5dfc0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x7f828940, ftLastWriteTime.dwHighDateTime=0x1d305f5, nFileSizeHigh=0x0, nFileSizeLow=0x2b0000, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="energy-ntkl.etl", cAlternateFileName="ENERGY~2.ETL")) returned 1 [0039.431] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.431] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0039.431] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.431] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-ntkl.etl" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-ntkl.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.432] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2b0000, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x2b0000, lpOverlapped=0x0) returned 1 [0039.478] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.478] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2b0000, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x2b0000, lpOverlapped=0x0) returned 1 [0039.506] CloseHandle (hObject=0x40) returned 1 [0039.506] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0039.506] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-ntkl.etl" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-ntkl.etl"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-ntkl.etl.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-ntkl.etl.adv")) returned 1 [0039.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0039.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0039.507] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9bd2ca0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xd9bd2ca0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xd9bd2ca0, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x7122, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="energy-report-2017-07-12.xml", cAlternateFileName="ENERGY~2.XML")) returned 1 [0039.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.507] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0039.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.507] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.509] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7122, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x7122, lpOverlapped=0x0) returned 1 [0039.511] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.511] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7122, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x7122, lpOverlapped=0x0) returned 1 [0039.511] CloseHandle (hObject=0x40) returned 1 [0039.512] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-12.xml.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-12.xml.adv")) returned 1 [0039.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0039.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0039.512] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e53620, ftCreationTime.dwHighDateTime=0x1d305f5, ftLastAccessTime.dwLowDateTime=0x80e53620, ftLastAccessTime.dwHighDateTime=0x1d305f5, ftLastWriteTime.dwLowDateTime=0x80e53620, ftLastWriteTime.dwHighDateTime=0x1d305f5, nFileSizeHigh=0x0, nFileSizeLow=0x5600, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="energy-report-2017-07-26.xml", cAlternateFileName="ENERGY~3.XML")) returned 1 [0039.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.512] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.513] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5600, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x5600, lpOverlapped=0x0) returned 1 [0039.514] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.514] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5600, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x5600, lpOverlapped=0x0) returned 1 [0039.515] CloseHandle (hObject=0x40) returned 1 [0039.515] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ac0 [0039.515] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-07-26.xml.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-07-26.xml.adv")) returned 1 [0039.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0039.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0039.516] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9b145c0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xd9b145c0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x80e53620, ftLastWriteTime.dwHighDateTime=0x1d305f5, nFileSizeHigh=0x0, nFileSizeLow=0x5600, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="energy-report-latest.xml", cAlternateFileName="ENERGY~1.XML")) returned 1 [0039.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.516] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0039.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.516] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.517] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5600, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x5600, lpOverlapped=0x0) returned 1 [0039.519] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.519] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5600, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x5600, lpOverlapped=0x0) returned 1 [0039.519] CloseHandle (hObject=0x40) returned 1 [0039.519] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0ac0 [0039.519] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml.adv")) returned 1 [0039.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0039.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0039.520] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9c91380, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xd9c91380, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x812c9f60, ftLastWriteTime.dwHighDateTime=0x1d305f5, nFileSizeHigh=0x0, nFileSizeLow=0x41f0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="energy-report.html", cAlternateFileName="ENERGY~1.HTM")) returned 1 [0039.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.520] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0039.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.520] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.520] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x41f0, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x41f0, lpOverlapped=0x0) returned 1 [0039.522] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.522] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x41f0, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x41f0, lpOverlapped=0x0) returned 1 [0039.522] CloseHandle (hObject=0x40) returned 1 [0039.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0ac0 [0039.522] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html.adv")) returned 1 [0039.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0039.523] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0039.523] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4a5dfc0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xb4a5dfc0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x7f8c0ec0, ftLastWriteTime.dwHighDateTime=0x1d305f5, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="energy-trace.etl", cAlternateFileName="ENERGY~1.ETL")) returned 1 [0039.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0039.523] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.523] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-trace.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.523] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20000, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x20000, lpOverlapped=0x0) returned 1 [0039.526] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.526] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20000, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x20000, lpOverlapped=0x0) returned 1 [0039.526] CloseHandle (hObject=0x40) returned 1 [0039.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0039.526] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-trace.etl"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-trace.etl.adv")) returned 1 [0039.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0039.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0039.527] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4a5dfc0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xb4a5dfc0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x7f8c0ec0, ftLastWriteTime.dwHighDateTime=0x1d305f5, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="energy-trace.etl", cAlternateFileName="ENERGY~1.ETL")) returned 0 [0039.527] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0039.527] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Ringtones", cAlternateFileName="RINGTO~1")) returned 1 [0039.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2048 [0039.527] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.527] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.529] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.529] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x264, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.529] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.529] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.529] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.530] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x264, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x264, lpOverlapped=0x0) returned 1 [0039.531] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.531] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x264, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x264, lpOverlapped=0x0) returned 1 [0039.531] CloseHandle (hObject=0x40) returned 1 [0039.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0039.531] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\desktop.ini.adv")) returned 1 [0039.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0039.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.532] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80366a76, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x31469, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 01.wma", cAlternateFileName="RINGTO~3.WMA")) returned 1 [0039.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.532] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.532] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 01.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.532] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x31469, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x31469, lpOverlapped=0x0) returned 1 [0039.536] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.536] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x31469, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x31469, lpOverlapped=0x0) returned 1 [0039.536] CloseHandle (hObject=0x40) returned 1 [0039.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.536] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 01.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 01.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 01.wma.adv")) returned 1 [0039.537] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.537] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.537] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x21fbf, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 02.wma", cAlternateFileName="RI5404~1.WMA")) returned 1 [0039.537] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.537] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.537] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.537] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 02.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.538] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21fbf, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x21fbf, lpOverlapped=0x0) returned 1 [0039.541] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.541] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21fbf, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x21fbf, lpOverlapped=0x0) returned 1 [0039.542] CloseHandle (hObject=0x40) returned 1 [0039.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.542] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 02.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 02.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 02.wma.adv")) returned 1 [0039.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.542] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x170f9, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 03.wma", cAlternateFileName="RI0FCF~1.WMA")) returned 1 [0039.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.543] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 03.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.543] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x170f9, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x170f9, lpOverlapped=0x0) returned 1 [0039.546] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.546] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x170f9, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x170f9, lpOverlapped=0x0) returned 1 [0039.547] CloseHandle (hObject=0x40) returned 1 [0039.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.547] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 03.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 03.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 03.wma.adv")) returned 1 [0039.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.547] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80366a76, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a039, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 04.wma", cAlternateFileName="RINGTO~4.WMA")) returned 1 [0039.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.547] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 04.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.548] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3a039, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x3a039, lpOverlapped=0x0) returned 1 [0039.552] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.553] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3a039, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x3a039, lpOverlapped=0x0) returned 1 [0039.556] CloseHandle (hObject=0x40) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.556] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 04.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 04.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 04.wma.adv")) returned 1 [0039.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.556] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80366a76, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1b6e1, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 05.wma", cAlternateFileName="RINGTO~1.WMA")) returned 1 [0039.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.557] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.557] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 05.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.557] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1b6e1, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x1b6e1, lpOverlapped=0x0) returned 1 [0039.559] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.559] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1b6e1, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x1b6e1, lpOverlapped=0x0) returned 1 [0039.560] CloseHandle (hObject=0x40) returned 1 [0039.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.560] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 05.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 05.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 05.wma.adv")) returned 1 [0039.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.561] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x170f9, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 06.wma", cAlternateFileName="RIF0DC~1.WMA")) returned 1 [0039.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.561] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 06.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.562] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x170f9, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x170f9, lpOverlapped=0x0) returned 1 [0039.564] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.564] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x170f9, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x170f9, lpOverlapped=0x0) returned 1 [0039.564] CloseHandle (hObject=0x40) returned 1 [0039.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.565] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 06.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 06.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 06.wma.adv")) returned 1 [0039.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.565] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80366a76, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x170f9, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 07.wma", cAlternateFileName="RID564~1.WMA")) returned 1 [0039.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.565] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 07.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.566] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x170f9, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x170f9, lpOverlapped=0x0) returned 1 [0039.574] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.574] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x170f9, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x170f9, lpOverlapped=0x0) returned 1 [0039.574] CloseHandle (hObject=0x40) returned 1 [0039.574] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.574] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 07.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 07.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 07.wma.adv")) returned 1 [0039.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.575] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80366a76, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x21fbd, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 08.wma", cAlternateFileName="RINGTO~2.WMA")) returned 1 [0039.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.575] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.575] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 08.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.576] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21fbd, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x21fbd, lpOverlapped=0x0) returned 1 [0039.579] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.579] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21fbd, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x21fbd, lpOverlapped=0x0) returned 1 [0039.579] CloseHandle (hObject=0x40) returned 1 [0039.579] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.579] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 08.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 08.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 08.wma.adv")) returned 1 [0039.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.580] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1b6e1, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 09.wma", cAlternateFileName="RI70DC~1.WMA")) returned 1 [0039.580] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.580] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.580] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.580] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 09.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.581] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1b6e1, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x1b6e1, lpOverlapped=0x0) returned 1 [0039.583] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.583] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1b6e1, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x1b6e1, lpOverlapped=0x0) returned 1 [0039.584] CloseHandle (hObject=0x40) returned 1 [0039.584] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.584] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 09.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 09.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 09.wma.adv")) returned 1 [0039.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.585] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x170f9, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 10.wma", cAlternateFileName="RI35A2~1.WMA")) returned 1 [0039.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.585] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 10.wma"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.585] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x170f9, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x170f9, lpOverlapped=0x0) returned 1 [0039.594] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.594] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x170f9, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x170f9, lpOverlapped=0x0) returned 1 [0039.594] CloseHandle (hObject=0x40) returned 1 [0039.594] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0039.594] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 10.wma"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\Ringtone 10.wma.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\ringtones\\ringtone 10.wma.adv")) returned 1 [0039.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.595] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x170f9, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Ringtone 10.wma", cAlternateFileName="RI35A2~1.WMA")) returned 0 [0039.595] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.595] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Sqm", cAlternateFileName="")) returned 1 [0039.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.595] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Sqm\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.595] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.595] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Manifest", cAlternateFileName="")) returned 1 [0039.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0039.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0039.595] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Sqm\\Manifest\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de2a, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0039.596] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de2a, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.596] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de2a, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 0 [0039.596] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0039.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0039.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0039.596] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Sessions", cAlternateFileName="")) returned 1 [0039.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0039.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0039.596] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Sqm\\Sessions\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de2a, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0039.596] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de2a, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.596] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de2a, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 0 [0039.596] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0039.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0039.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0039.596] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Upload", cAlternateFileName="")) returned 1 [0039.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0039.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20b0 [0039.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0039.597] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Sqm\\Upload\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de2a, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0039.597] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de2a, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.597] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de2a, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 0 [0039.597] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0039.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0039.597] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60ae73a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Upload", cAlternateFileName="")) returned 0 [0039.597] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0039.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0039.597] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1cc35f15, ftLastAccessTime.dwHighDateTime=0x1ca0440, ftLastWriteTime.dwLowDateTime=0x1cc35f15, ftLastWriteTime.dwHighDateTime=0x1ca0440, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0039.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0039.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0039.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2048 [0039.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.597] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1cc35f15, ftLastAccessTime.dwHighDateTime=0x1ca0440, ftLastWriteTime.dwLowDateTime=0x1cc35f15, ftLastWriteTime.dwHighDateTime=0x1ca0440, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0039.597] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1cc35f15, ftLastAccessTime.dwHighDateTime=0x1ca0440, ftLastWriteTime.dwLowDateTime=0x1cc35f15, ftLastWriteTime.dwHighDateTime=0x1ca0440, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0039.598] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1cc35f15, ftCreationTime.dwHighDateTime=0x1ca0440, ftLastAccessTime.dwLowDateTime=0x1cc35f15, ftLastAccessTime.dwHighDateTime=0x1ca0440, ftLastWriteTime.dwLowDateTime=0x1cc35f15, ftLastWriteTime.dwHighDateTime=0x1ca0440, nFileSizeHigh=0x0, nFileSizeLow=0x502, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Default Programs.lnk", cAlternateFileName="DEFAUL~1.LNK")) returned 1 [0039.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.598] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\default programs.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.598] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x502, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x502, lpOverlapped=0x0) returned 1 [0039.605] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.606] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x502, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x502, lpOverlapped=0x0) returned 1 [0039.606] CloseHandle (hObject=0x40) returned 1 [0039.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0948 [0039.606] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\default programs.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Default Programs.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\default programs.lnk.adv")) returned 1 [0039.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.607] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7f5a4e15, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x7f5a4e15, ftLastAccessTime.dwHighDateTime=0x1ca043e, ftLastWriteTime.dwLowDateTime=0x1cc35f15, ftLastWriteTime.dwHighDateTime=0x1ca0440, nFileSizeHigh=0x0, nFileSizeLow=0x1ba, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.607] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0039.607] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1ba, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x1ba, lpOverlapped=0x0) returned 1 [0039.608] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.608] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1ba, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x1ba, lpOverlapped=0x0) returned 1 [0039.608] CloseHandle (hObject=0x40) returned 1 [0039.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0039.608] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\desktop.ini.adv")) returned 1 [0039.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0039.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0039.611] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Programs", cAlternateFileName="")) returned 1 [0039.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0039.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0039.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0039.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0039.611] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0039.612] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="..", cAlternateFileName="")) returned 1 [0039.612] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81caf400, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x8246bb80, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0039.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0039.612] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81caf400, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x8246bb80, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.612] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81caf400, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x8246bb80, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="..", cAlternateFileName="")) returned 1 [0039.612] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x89bce0a9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x89bf4209, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0039.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.612] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x89bce0a9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x89bf4209, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x81caf400, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0039.612] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x89bce0a9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x89bf4209, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x81caf400, cFileName="..", cAlternateFileName="")) returned 1 [0039.612] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec0a7698, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xec0a7698, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x89bf4209, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x172, dwReserved0=0x1ca0431, dwReserved1=0x81caf400, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0039.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.612] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.613] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x172, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x172, lpOverlapped=0x0) returned 1 [0039.613] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.613] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x172, lpOverlapped=0x0) returned 1 [0039.614] CloseHandle (hObject=0x4c) returned 1 [0039.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3a20 [0039.614] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.adv")) returned 1 [0039.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.614] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89bce0a9, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x89bce0a9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x89bce0a9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x56c, dwReserved0=0x1ca0431, dwReserved1=0x81caf400, cFileName="Speech Recognition.lnk", cAlternateFileName="SPEECH~1.LNK")) returned 1 [0039.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.615] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.615] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x56c, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x56c, lpOverlapped=0x0) returned 1 [0039.616] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.616] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x56c, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x56c, lpOverlapped=0x0) returned 1 [0039.617] CloseHandle (hObject=0x4c) returned 1 [0039.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3a20 [0039.617] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Speech Recognition.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\speech recognition.lnk.adv")) returned 1 [0039.617] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.617] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.618] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89bce0a9, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x89bce0a9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x89bce0a9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x56c, dwReserved0=0x1ca0431, dwReserved1=0x81caf400, cFileName="Speech Recognition.lnk", cAlternateFileName="SPEECH~1.LNK")) returned 0 [0039.618] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0039.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.618] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e3e9c58, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3e3e9c58, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3e435f19, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ce, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Calculator.lnk", cAlternateFileName="CALCUL~1.LNK")) returned 1 [0039.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.618] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.618] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ce, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4ce, lpOverlapped=0x0) returned 1 [0039.620] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.620] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ce, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4ce, lpOverlapped=0x0) returned 1 [0039.620] CloseHandle (hObject=0x48) returned 1 [0039.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.620] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\calculator.lnk.adv")) returned 1 [0039.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.621] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec08153b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xec08153b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x8246bb80, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x73e, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0039.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.621] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.621] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x73e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x73e, lpOverlapped=0x0) returned 1 [0039.622] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.622] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x73e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x73e, lpOverlapped=0x0) returned 1 [0039.622] CloseHandle (hObject=0x48) returned 1 [0039.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.622] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.adv")) returned 1 [0039.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.623] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27fbfe08, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x27fbfe08, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28032229, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4f2, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="displayswitch.lnk", cAlternateFileName="DISPLA~1.LNK")) returned 1 [0039.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.623] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.624] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4f2, lpOverlapped=0x0) returned 1 [0039.625] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.625] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4f2, lpOverlapped=0x0) returned 1 [0039.625] CloseHandle (hObject=0x48) returned 1 [0039.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.626] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\displayswitch.lnk.adv")) returned 1 [0039.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.626] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80c2bb60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80c2bb60, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x8246bb80, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x554, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Math Input Panel.lnk", cAlternateFileName="MATHIN~1.LNK")) returned 1 [0039.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.626] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.627] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x554, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x554, lpOverlapped=0x0) returned 1 [0039.629] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.629] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x554, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x554, lpOverlapped=0x0) returned 1 [0039.629] CloseHandle (hObject=0x48) returned 1 [0039.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.629] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Math Input Panel.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\math input panel.lnk.adv")) returned 1 [0039.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.630] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80c77e20, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80c77e20, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x80c77e20, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Mobility Center.lnk", cAlternateFileName="MOBILI~1.LNK")) returned 1 [0039.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.630] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.630] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.630] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4d6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4d6, lpOverlapped=0x0) returned 1 [0039.633] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.633] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4d6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4d6, lpOverlapped=0x0) returned 1 [0039.633] CloseHandle (hObject=0x48) returned 1 [0039.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.633] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Mobility Center.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\mobility center.lnk.adv")) returned 1 [0039.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.634] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80afb060, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80afb060, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x80afb060, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4da, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="NetworkProjection.lnk", cAlternateFileName="NETWOR~1.LNK")) returned 1 [0039.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.634] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.634] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.634] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4da, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4da, lpOverlapped=0x0) returned 1 [0039.636] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.636] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4da, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4da, lpOverlapped=0x0) returned 1 [0039.636] CloseHandle (hObject=0x48) returned 1 [0039.637] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.637] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\NetworkProjection.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\networkprojection.lnk.adv")) returned 1 [0039.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.637] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d8b74ec, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2d8b74ec, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2da0e14f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4da, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Paint.lnk", cAlternateFileName="")) returned 1 [0039.637] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.637] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.638] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.638] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.638] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4da, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4da, lpOverlapped=0x0) returned 1 [0039.640] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.640] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4da, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4da, lpOverlapped=0x0) returned 1 [0039.640] CloseHandle (hObject=0x48) returned 1 [0039.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.640] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\paint.lnk.adv")) returned 1 [0039.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.641] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x173a8e5b, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x173a8e5b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x174413dc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x557, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Remote Desktop Connection.lnk", cAlternateFileName="REMOTE~1.LNK")) returned 1 [0039.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.641] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.641] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x557, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x557, lpOverlapped=0x0) returned 1 [0039.643] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.643] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x557, lpOverlapped=0x0) returned 1 [0039.643] CloseHandle (hObject=0x48) returned 1 [0039.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0aa8 [0039.644] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\remote desktop connection.lnk.adv")) returned 1 [0039.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.644] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81caf400, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x81caf400, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81caf400, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4f8, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Snipping Tool.lnk", cAlternateFileName="SNIPPI~1.LNK")) returned 1 [0039.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.645] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.645] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f8, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4f8, lpOverlapped=0x0) returned 1 [0039.647] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.647] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f8, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4f8, lpOverlapped=0x0) returned 1 [0039.647] CloseHandle (hObject=0x48) returned 1 [0039.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.647] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\snipping tool.lnk.adv")) returned 1 [0039.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.648] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aad4ba5, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8aad4ba5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8aad4ba5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x532, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Sound Recorder.lnk", cAlternateFileName="SOUNDR~1.LNK")) returned 1 [0039.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.648] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.648] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x532, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x532, lpOverlapped=0x0) returned 1 [0039.650] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.650] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x532, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x532, lpOverlapped=0x0) returned 1 [0039.650] CloseHandle (hObject=0x48) returned 1 [0039.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.650] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sound Recorder.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\sound recorder.lnk.adv")) returned 1 [0039.651] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.651] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.651] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80cc40e0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80cc40e0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x80cc40e0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x547, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Sticky Notes.lnk", cAlternateFileName="STICKY~1.LNK")) returned 1 [0039.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.651] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.651] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.651] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x547, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x547, lpOverlapped=0x0) returned 1 [0039.653] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.653] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x547, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x547, lpOverlapped=0x0) returned 1 [0039.653] CloseHandle (hObject=0x48) returned 1 [0039.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.653] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\sticky notes.lnk.adv")) returned 1 [0039.654] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.654] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.654] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c9baa28, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3c9baa28, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3ca06ce9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e6, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Sync Center.lnk", cAlternateFileName="SYNCCE~1.LNK")) returned 1 [0039.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.654] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.654] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.655] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4e6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4e6, lpOverlapped=0x0) returned 1 [0039.656] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.656] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4e6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4e6, lpOverlapped=0x0) returned 1 [0039.656] CloseHandle (hObject=0x48) returned 1 [0039.656] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.656] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sync Center.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\sync center.lnk.adv")) returned 1 [0039.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.657] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8ace9ee9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ace9ee9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0039.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.657] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8ace9ee9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ace9ee9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cb, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0039.658] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8ace9ee9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ace9ee9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="..", cAlternateFileName="")) returned 1 [0039.658] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e4ce49a, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3e4ce49a, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3e51a75b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e0, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Character Map.lnk", cAlternateFileName="CHARAC~1.LNK")) returned 1 [0039.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.658] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.658] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4e0, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4e0, lpOverlapped=0x0) returned 1 [0039.660] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.660] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4e0, lpOverlapped=0x0) returned 1 [0039.660] CloseHandle (hObject=0x4c) returned 1 [0039.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3a20 [0039.660] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Character Map.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\character map.lnk.adv")) returned 1 [0039.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.661] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec0f3952, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xec0f3952, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x8ace9ee9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x53a, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0039.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.661] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.661] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.661] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x53a, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x53a, lpOverlapped=0x0) returned 1 [0039.662] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.662] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x53a, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x53a, lpOverlapped=0x0) returned 1 [0039.662] CloseHandle (hObject=0x4c) returned 1 [0039.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3a20 [0039.662] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.adv")) returned 1 [0039.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.663] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x297b3b95, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x297b3b95, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x29825fb5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x50a, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="dfrgui.lnk", cAlternateFileName="")) returned 1 [0039.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.663] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.664] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x50a, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x50a, lpOverlapped=0x0) returned 1 [0039.666] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.666] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x50a, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x50a, lpOverlapped=0x0) returned 1 [0039.666] CloseHandle (hObject=0x4c) returned 1 [0039.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3a20 [0039.666] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\dfrgui.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\dfrgui.lnk.adv")) returned 1 [0039.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.667] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d31a0d9, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3d31a0d9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3d36639a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e4, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Disk Cleanup.lnk", cAlternateFileName="DISKCL~1.LNK")) returned 1 [0039.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.667] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.667] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4e4, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4e4, lpOverlapped=0x0) returned 1 [0039.669] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.669] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4e4, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4e4, lpOverlapped=0x0) returned 1 [0039.669] CloseHandle (hObject=0x4c) returned 1 [0039.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3a20 [0039.669] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Disk Cleanup.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\disk cleanup.lnk.adv")) returned 1 [0039.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.670] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x141abfff, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x141abfff, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x14375082, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4da, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Resource Monitor.lnk", cAlternateFileName="RESOUR~1.LNK")) returned 1 [0039.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.670] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.671] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4da, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4da, lpOverlapped=0x0) returned 1 [0039.672] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.672] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4da, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4da, lpOverlapped=0x0) returned 1 [0039.672] CloseHandle (hObject=0x4c) returned 1 [0039.672] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3a20 [0039.673] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Resource Monitor.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\resource monitor.lnk.adv")) returned 1 [0039.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.673] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5e7f40, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xa5e7f40, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0xa5e7f40, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="System Information.lnk", cAlternateFileName="SYSTEM~1.LNK")) returned 1 [0039.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.673] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.673] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.674] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4e2, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4e2, lpOverlapped=0x0) returned 1 [0039.676] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.676] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4e2, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4e2, lpOverlapped=0x0) returned 1 [0039.676] CloseHandle (hObject=0x4c) returned 1 [0039.676] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3a20 [0039.676] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Information.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system information.lnk.adv")) returned 1 [0039.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.677] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c8d61e7, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3c8d61e7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3c8fc347, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4de, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="System Restore.lnk", cAlternateFileName="SYSTEM~2.LNK")) returned 1 [0039.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.677] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.677] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.677] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.678] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4de, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4de, lpOverlapped=0x0) returned 1 [0039.680] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.680] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4de, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4de, lpOverlapped=0x0) returned 1 [0039.680] CloseHandle (hObject=0x4c) returned 1 [0039.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3a20 [0039.680] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\System Restore.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\system restore.lnk.adv")) returned 1 [0039.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.681] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b9eb814, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2b9eb814, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2b9eb814, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4f4, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Task Scheduler.lnk", cAlternateFileName="TASKSC~1.LNK")) returned 1 [0039.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.681] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.682] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f4, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4f4, lpOverlapped=0x0) returned 1 [0039.683] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.683] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f4, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4f4, lpOverlapped=0x0) returned 1 [0039.683] CloseHandle (hObject=0x4c) returned 1 [0039.683] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3a20 [0039.683] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Task Scheduler.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\task scheduler.lnk.adv")) returned 1 [0039.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.684] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ace9ee9, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8ace9ee9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ace9ee9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x528, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Windows Easy Transfer Reports.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0039.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.684] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.685] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x528, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x528, lpOverlapped=0x0) returned 1 [0039.686] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.686] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x528, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x528, lpOverlapped=0x0) returned 1 [0039.687] CloseHandle (hObject=0x4c) returned 1 [0039.687] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a20 [0039.687] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer Reports.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer reports.lnk.adv")) returned 1 [0039.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.687] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac9dc28, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8ac9dc28, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ac9dc28, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x524, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Windows Easy Transfer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0039.687] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0039.688] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3910 [0039.688] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.688] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.688] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x524, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x524, lpOverlapped=0x0) returned 1 [0039.690] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.690] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x524, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x524, lpOverlapped=0x0) returned 1 [0039.690] CloseHandle (hObject=0x4c) returned 1 [0039.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3a20 [0039.690] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\windows easy transfer.lnk.adv")) returned 1 [0039.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a20 | out: hHeap=0x6d0000) returned 1 [0039.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0039.691] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac9dc28, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8ac9dc28, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ac9dc28, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x524, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Windows Easy Transfer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0039.691] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0039.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.691] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8126b520, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81291680, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Tablet PC", cAlternateFileName="TABLET~1")) returned 1 [0039.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0aa8 [0039.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3858 [0039.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.691] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8126b520, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81291680, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cb, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0039.691] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8126b520, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81291680, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="..", cAlternateFileName="")) returned 1 [0039.692] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a217df5, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x81291680, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x157, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0039.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0aa8 [0039.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3950 [0039.692] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.692] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.692] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x157, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x157, lpOverlapped=0x0) returned 1 [0039.693] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.693] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x157, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x157, lpOverlapped=0x0) returned 1 [0039.693] CloseHandle (hObject=0x4c) returned 1 [0039.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.693] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\desktop.ini.adv")) returned 1 [0039.694] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.694] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3950 | out: hHeap=0x6d0000) returned 1 [0039.694] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x811d2fa0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x811d2fa0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x811d2fa0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="ShapeCollector.lnk", cAlternateFileName="SHAPEC~1.LNK")) returned 1 [0039.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0aa8 [0039.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3950 [0039.694] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.694] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.694] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x59c, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x59c, lpOverlapped=0x0) returned 1 [0039.696] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.696] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x59c, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x59c, lpOverlapped=0x0) returned 1 [0039.696] CloseHandle (hObject=0x4c) returned 1 [0039.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0aa8 [0039.696] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\ShapeCollector.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\shapecollector.lnk.adv")) returned 1 [0039.697] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.697] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3950 | out: hHeap=0x6d0000) returned 1 [0039.697] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8126b520, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x8126b520, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x8126b520, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x56a, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="TabTip.lnk", cAlternateFileName="")) returned 1 [0039.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0aa8 [0039.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3950 [0039.697] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.697] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.698] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x56a, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x56a, lpOverlapped=0x0) returned 1 [0039.699] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.699] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x56a, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x56a, lpOverlapped=0x0) returned 1 [0039.700] CloseHandle (hObject=0x4c) returned 1 [0039.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.700] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\TabTip.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\tabtip.lnk.adv")) returned 1 [0039.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3950 | out: hHeap=0x6d0000) returned 1 [0039.700] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80d103a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80d103a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x80d103a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x524, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Windows Journal.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0039.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0aa8 [0039.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3950 [0039.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.701] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.701] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x524, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x524, lpOverlapped=0x0) returned 1 [0039.702] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.703] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x524, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x524, lpOverlapped=0x0) returned 1 [0039.703] CloseHandle (hObject=0x4c) returned 1 [0039.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0aa8 [0039.703] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Windows Journal.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\tablet pc\\windows journal.lnk.adv")) returned 1 [0039.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3950 | out: hHeap=0x6d0000) returned 1 [0039.704] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80d103a0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x80d103a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x80d103a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x524, dwReserved0=0x0, dwReserved1=0x1cb, cFileName="Windows Journal.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0039.704] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0039.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.704] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b13a6d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8b13a6d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8b13a6d0, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x62b, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Welcome Center.lnk", cAlternateFileName="WELCOM~1.LNK")) returned 1 [0039.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.704] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.704] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x62b, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x62b, lpOverlapped=0x0) returned 1 [0039.706] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.706] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x62b, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x62b, lpOverlapped=0x0) returned 1 [0039.706] CloseHandle (hObject=0x48) returned 1 [0039.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.706] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\welcome center.lnk.adv")) returned 1 [0039.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.707] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8d79c9d7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d7c2b37, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Windows PowerShell", cAlternateFileName="WINDOW~1")) returned 1 [0039.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3858 [0039.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.707] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8d79c9d7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d7c2b37, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1ca, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0039.708] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8d79c9d7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d7c2b37, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1ca, cFileName="..", cAlternateFileName="")) returned 1 [0039.708] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d776877, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8d776877, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d7c2b37, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x1ca, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3968 [0039.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.708] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.708] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xd8, lpOverlapped=0x0) returned 1 [0039.709] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.709] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xd8, lpOverlapped=0x0) returned 1 [0039.709] CloseHandle (hObject=0x4c) returned 1 [0039.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0aa8 [0039.709] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\desktop.ini.adv")) returned 1 [0039.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0039.710] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bef7178, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bef7178, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x7c5, dwReserved0=0x0, dwReserved1=0x1ca, cFileName="Windows PowerShell (x86).lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0039.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3968 [0039.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.710] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.711] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7c5, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x7c5, lpOverlapped=0x0) returned 1 [0039.712] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.712] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7c5, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x7c5, lpOverlapped=0x0) returned 1 [0039.712] CloseHandle (hObject=0x4c) returned 1 [0039.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f0aa8 [0039.712] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell (x86).lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell (x86).lnk.adv")) returned 1 [0039.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0039.713] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d79c9d7, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8d79c9d7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d7c2b37, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x5bc, dwReserved0=0x0, dwReserved1=0x1ca, cFileName="Windows PowerShell ISE (x86).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0039.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3968 [0039.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.713] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.714] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5bc, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x5bc, lpOverlapped=0x0) returned 1 [0039.715] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.715] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5bc, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x5bc, lpOverlapped=0x0) returned 1 [0039.715] CloseHandle (hObject=0x4c) returned 1 [0039.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f0aa8 [0039.716] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE (x86).lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise (x86).lnk.adv")) returned 1 [0039.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0039.717] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d750717, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8d750717, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d750717, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x5bc, dwReserved0=0x0, dwReserved1=0x1ca, cFileName="Windows PowerShell ISE.lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0039.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3968 [0039.717] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.717] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.718] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5bc, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x5bc, lpOverlapped=0x0) returned 1 [0039.719] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.720] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5bc, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x5bc, lpOverlapped=0x0) returned 1 [0039.720] CloseHandle (hObject=0x4c) returned 1 [0039.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0aa8 [0039.720] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell ISE.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell ise.lnk.adv")) returned 1 [0039.724] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.724] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0039.724] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bef7178, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bef7178, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x76b, dwReserved0=0x0, dwReserved1=0x1ca, cFileName="Windows PowerShell.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0039.724] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.724] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3968 [0039.724] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.724] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.725] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x76b, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x76b, lpOverlapped=0x0) returned 1 [0039.726] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.726] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x76b, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x76b, lpOverlapped=0x0) returned 1 [0039.726] CloseHandle (hObject=0x4c) returned 1 [0039.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0aa8 [0039.726] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\windows powershell\\windows powershell.lnk.adv")) returned 1 [0039.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0039.727] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bef7178, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bef7178, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x76b, dwReserved0=0x0, dwReserved1=0x1ca, cFileName="Windows PowerShell.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 0 [0039.727] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0039.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0039.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.727] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d25b9f8, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3d25b9f8, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3d2cde19, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Wordpad.lnk", cAlternateFileName="")) returned 1 [0039.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.728] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.728] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x52a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x52a, lpOverlapped=0x0) returned 1 [0039.729] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.729] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x52a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x52a, lpOverlapped=0x0) returned 1 [0039.730] CloseHandle (hObject=0x48) returned 1 [0039.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.730] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Wordpad.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\accessories\\wordpad.lnk.adv")) returned 1 [0039.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.730] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d25b9f8, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3d25b9f8, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3d2cde19, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Wordpad.lnk", cAlternateFileName="")) returned 0 [0039.730] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.731] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x81c3cfe0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81c3cfe0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0039.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a10 [0039.731] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x81c3cfe0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81c3cfe0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.731] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x81c3cfe0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81c3cfe0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="..", cAlternateFileName="")) returned 1 [0039.731] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x898d4524, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x898d4524, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d692035, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4da, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Component Services.lnk", cAlternateFileName="COMPON~1.LNK")) returned 1 [0039.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.731] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.732] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4da, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4da, lpOverlapped=0x0) returned 1 [0039.733] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.733] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4da, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4da, lpOverlapped=0x0) returned 1 [0039.733] CloseHandle (hObject=0x48) returned 1 [0039.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.733] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Component Services.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\component services.lnk.adv")) returned 1 [0039.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.734] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26ea3fc9, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x26ea3fc9, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x26f163ea, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x50e, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Computer Management.lnk", cAlternateFileName="COMPUT~1.LNK")) returned 1 [0039.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.734] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.735] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x50e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x50e, lpOverlapped=0x0) returned 1 [0039.736] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.736] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x50e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x50e, lpOverlapped=0x0) returned 1 [0039.737] CloseHandle (hObject=0x48) returned 1 [0039.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.737] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Computer Management.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\computer management.lnk.adv")) returned 1 [0039.737] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.737] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.737] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15444c01, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x15444c01, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x154b7022, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4f6, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Data Sources (ODBC).lnk", cAlternateFileName="DATASO~1.LNK")) returned 1 [0039.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.738] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.738] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.738] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4f6, lpOverlapped=0x0) returned 1 [0039.741] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.741] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4f6, lpOverlapped=0x0) returned 1 [0039.741] CloseHandle (hObject=0x48) returned 1 [0039.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.741] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Data Sources (ODBC).lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\data sources (odbc).lnk.adv")) returned 1 [0039.742] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.742] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.742] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa3aca9c, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xa3aca9c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x81c3cfe0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x7a6, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.742] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.742] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.742] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.742] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.742] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7a6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7a6, lpOverlapped=0x0) returned 1 [0039.743] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.743] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7a6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7a6, lpOverlapped=0x0) returned 1 [0039.743] CloseHandle (hObject=0x48) returned 1 [0039.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0ab8 [0039.743] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.adv")) returned 1 [0039.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.744] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b8e0e72, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2b8e0e72, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2b8e0e72, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x512, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Event Viewer.lnk", cAlternateFileName="EVENTV~1.LNK")) returned 1 [0039.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.744] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.745] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x512, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x512, lpOverlapped=0x0) returned 1 [0039.746] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.746] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x512, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x512, lpOverlapped=0x0) returned 1 [0039.746] CloseHandle (hObject=0x48) returned 1 [0039.746] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ab8 [0039.746] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Event Viewer.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\event viewer.lnk.adv")) returned 1 [0039.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.747] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2725c230, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2725c230, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x272a84f0, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4fa, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="iSCSI Initiator.lnk", cAlternateFileName="ISCSII~1.LNK")) returned 1 [0039.747] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.747] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.747] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.748] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4fa, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4fa, lpOverlapped=0x0) returned 1 [0039.750] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.750] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4fa, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4fa, lpOverlapped=0x0) returned 1 [0039.750] CloseHandle (hObject=0x48) returned 1 [0039.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ab8 [0039.750] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\iSCSI Initiator.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\iscsi initiator.lnk.adv")) returned 1 [0039.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.751] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa38693b, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xa38693b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0xa3aca9c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4f4, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Memory Diagnostics Tool.lnk", cAlternateFileName="MEMORY~1.LNK")) returned 1 [0039.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.751] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.752] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4f4, lpOverlapped=0x0) returned 1 [0039.753] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.753] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4f4, lpOverlapped=0x0) returned 1 [0039.754] CloseHandle (hObject=0x48) returned 1 [0039.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.754] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Memory Diagnostics Tool.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\memory diagnostics tool.lnk.adv")) returned 1 [0039.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.754] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14139bde, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x14139bde, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x14328dc1, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Performance Monitor.lnk", cAlternateFileName="PERFOR~1.LNK")) returned 1 [0039.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.755] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.755] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4d0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4d0, lpOverlapped=0x0) returned 1 [0039.757] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.757] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4d0, lpOverlapped=0x0) returned 1 [0039.757] CloseHandle (hObject=0x48) returned 1 [0039.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.757] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Performance Monitor.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\performance monitor.lnk.adv")) returned 1 [0039.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.758] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x806d09e0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x806d09e0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x8071cca0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Print Management.lnk", cAlternateFileName="PRINTM~1.LNK")) returned 1 [0039.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.758] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.758] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ee, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4ee, lpOverlapped=0x0) returned 1 [0039.760] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.760] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ee, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4ee, lpOverlapped=0x0) returned 1 [0039.760] CloseHandle (hObject=0x48) returned 1 [0039.760] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ab8 [0039.760] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Print Management.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\print management.lnk.adv")) returned 1 [0039.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.761] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81c3cfe0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x81c3cfe0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x81c3cfe0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x4e0, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Security Configuration Management.lnk", cAlternateFileName="SECURI~1.LNK")) returned 1 [0039.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3778 [0039.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.761] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.762] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4e0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4e0, lpOverlapped=0x0) returned 1 [0039.763] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.763] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4e0, lpOverlapped=0x0) returned 1 [0039.763] CloseHandle (hObject=0x48) returned 1 [0039.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0ab8 [0039.763] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Security Configuration Management.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\security configuration management.lnk.adv")) returned 1 [0039.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.764] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d7306f2, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x1d7306f2, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x1d77c9b3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x508, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="services.lnk", cAlternateFileName="")) returned 1 [0039.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.764] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.765] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x508, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x508, lpOverlapped=0x0) returned 1 [0039.766] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.767] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x508, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x508, lpOverlapped=0x0) returned 1 [0039.767] CloseHandle (hObject=0x48) returned 1 [0039.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0ab8 [0039.767] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\services.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\services.lnk.adv")) returned 1 [0039.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.768] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa575b1f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xa575b1f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0xa575b1f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4de, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="System Configuration.lnk", cAlternateFileName="SYSTEM~1.LNK")) returned 1 [0039.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.768] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.769] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4de, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4de, lpOverlapped=0x0) returned 1 [0039.771] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.771] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4de, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4de, lpOverlapped=0x0) returned 1 [0039.771] CloseHandle (hObject=0x48) returned 1 [0039.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.771] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\system configuration.lnk.adv")) returned 1 [0039.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.772] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b99f553, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2b99f553, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2b99f553, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Task Scheduler.lnk", cAlternateFileName="TASKSC~1.LNK")) returned 1 [0039.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.772] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.773] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ee, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4ee, lpOverlapped=0x0) returned 1 [0039.774] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.774] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ee, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4ee, lpOverlapped=0x0) returned 1 [0039.774] CloseHandle (hObject=0x48) returned 1 [0039.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ab8 [0039.774] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Task Scheduler.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\task scheduler.lnk.adv")) returned 1 [0039.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.775] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x191902f2, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x191902f2, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x1937f4d5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4fa, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Windows Firewall with Advanced Security.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0039.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3778 [0039.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.775] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.776] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4fa, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4fa, lpOverlapped=0x0) returned 1 [0039.777] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.777] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4fa, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4fa, lpOverlapped=0x0) returned 1 [0039.778] CloseHandle (hObject=0x48) returned 1 [0039.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f0ab8 [0039.778] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows Firewall with Advanced Security.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows firewall with advanced security.lnk.adv")) returned 1 [0039.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.778] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xab5, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Windows PowerShell Modules.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0039.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.779] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.779] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.780] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xab5, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xab5, lpOverlapped=0x0) returned 1 [0039.781] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.781] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xab5, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xab5, lpOverlapped=0x0) returned 1 [0039.781] CloseHandle (hObject=0x48) returned 1 [0039.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0ab8 [0039.782] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\Windows PowerShell Modules.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\administrative tools\\windows powershell modules.lnk.adv")) returned 1 [0039.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.782] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xab5, dwReserved0=0x1ca0431, dwReserved1=0x78038410, cFileName="Windows PowerShell Modules.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0039.782] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.783] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c01860, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c01860, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c01860, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x989, dwReserved0=0x0, dwReserved1=0x40, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0039.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.783] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.783] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x989, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x989, lpOverlapped=0x0) returned 1 [0039.785] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.785] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x989, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x989, lpOverlapped=0x0) returned 1 [0039.785] CloseHandle (hObject=0x44) returned 1 [0039.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a10 [0039.785] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Reader X.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\adobe reader x.lnk.adv")) returned 1 [0039.786] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.786] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x824ddfa0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x46a, dwReserved0=0x0, dwReserved1=0x40, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.786] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.786] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.786] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.786] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x46a, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x46a, lpOverlapped=0x0) returned 1 [0039.787] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.787] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x46a, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x46a, lpOverlapped=0x0) returned 1 [0039.787] CloseHandle (hObject=0x44) returned 1 [0039.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a10 [0039.787] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\desktop.ini.adv")) returned 1 [0039.788] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.788] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.788] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xa224bfc3, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa224bfc3, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="Games", cAlternateFileName="")) returned 1 [0039.788] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.788] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0039.788] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xa224bfc3, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa224bfc3, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.788] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xa224bfc3, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa224bfc3, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10, cFileName="..", cAlternateFileName="")) returned 1 [0039.788] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8e194aab, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8e194aab, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x208, dwReserved0=0x0, dwReserved1=0x10, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.788] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0039.788] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.788] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x208, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x208, lpOverlapped=0x0) returned 1 [0039.789] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.789] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x208, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x208, lpOverlapped=0x0) returned 1 [0039.789] CloseHandle (hObject=0x48) returned 1 [0039.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ad8 [0039.789] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\games\\desktop.ini.adv")) returned 1 [0039.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0039.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.790] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db22b28, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3db22b28, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3db94f49, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x10, cFileName="GameExplorer.lnk", cAlternateFileName="GAMEEX~1.LNK")) returned 1 [0039.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0039.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0a10 [0039.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0039.790] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.791] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x102, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x102, lpOverlapped=0x0) returned 1 [0039.792] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.792] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x102, lpOverlapped=0x0) returned 1 [0039.792] CloseHandle (hObject=0x48) returned 1 [0039.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ad8 [0039.792] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\GameExplorer.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\games\\gameexplorer.lnk.adv")) returned 1 [0039.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0039.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.793] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3db22b28, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3db22b28, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3db94f49, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x10, cFileName="GameExplorer.lnk", cAlternateFileName="GAMEEX~1.LNK")) returned 0 [0039.793] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.793] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df47e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df47e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df47e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8dd, dwReserved0=0x0, dwReserved1=0x40, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0039.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.793] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.794] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8dd, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x8dd, lpOverlapped=0x0) returned 1 [0039.795] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.795] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8dd, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x8dd, lpOverlapped=0x0) returned 1 [0039.795] CloseHandle (hObject=0x44) returned 1 [0039.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a10 [0039.795] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\google chrome.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\google chrome.lnk.adv")) returned 1 [0039.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.796] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7577bc60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x762ca4e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x762ca4e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="Java", cAlternateFileName="")) returned 1 [0039.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0039.796] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7577bc60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x762ca4e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x762ca4e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.797] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7577bc60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x762ca4e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x762ca4e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe, cFileName="..", cAlternateFileName="")) returned 1 [0039.797] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x762ca4e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x762ca4e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x762ca4e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x7cf, dwReserved0=0x0, dwReserved1=0xe, cFileName="About Java.lnk", cAlternateFileName="ABOUTJ~1.LNK")) returned 1 [0039.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4930 [0039.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4930 | out: hHeap=0x6d0000) returned 1 [0039.797] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.797] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7cf, lpOverlapped=0x0) returned 1 [0039.799] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.799] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7cf, lpOverlapped=0x0) returned 1 [0039.799] CloseHandle (hObject=0x48) returned 1 [0039.799] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a10 [0039.800] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\About Java.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\about java.lnk.adv")) returned 1 [0039.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.800] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x762ca4e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x762ca4e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x762ca4e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x7e1, dwReserved0=0x0, dwReserved1=0xe, cFileName="Check For Updates.lnk", cAlternateFileName="CHECKF~1.LNK")) returned 1 [0039.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4930 [0039.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4930 | out: hHeap=0x6d0000) returned 1 [0039.800] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.802] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7e1, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7e1, lpOverlapped=0x0) returned 1 [0039.805] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.806] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7e1, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7e1, lpOverlapped=0x0) returned 1 [0039.806] CloseHandle (hObject=0x48) returned 1 [0039.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a10 [0039.806] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Check For Updates.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\check for updates.lnk.adv")) returned 1 [0039.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.807] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x762a4380, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x762a4380, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x762ca4e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x7b7, dwReserved0=0x0, dwReserved1=0xe, cFileName="Configure Java.lnk", cAlternateFileName="CONFIG~1.LNK")) returned 1 [0039.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4930 [0039.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4930 | out: hHeap=0x6d0000) returned 1 [0039.807] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.808] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7b7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7b7, lpOverlapped=0x0) returned 1 [0039.809] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.809] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7b7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7b7, lpOverlapped=0x0) returned 1 [0039.809] CloseHandle (hObject=0x48) returned 1 [0039.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a10 [0039.809] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Configure Java.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\configure java.lnk.adv")) returned 1 [0039.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.810] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7591eb80, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7591eb80, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7591eb80, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4b6, dwReserved0=0x0, dwReserved1=0xe, cFileName="Get Help.lnk", cAlternateFileName="GETHEL~1.LNK")) returned 1 [0039.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4930 [0039.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.810] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4930 | out: hHeap=0x6d0000) returned 1 [0039.810] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.811] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4b6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4b6, lpOverlapped=0x0) returned 1 [0039.812] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.813] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4b6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4b6, lpOverlapped=0x0) returned 1 [0039.813] CloseHandle (hObject=0x48) returned 1 [0039.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a10 [0039.813] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Get Help.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\get help.lnk.adv")) returned 1 [0039.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.814] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x758f8a20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x758f8a20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7591eb80, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x45a, dwReserved0=0x0, dwReserved1=0xe, cFileName="Visit Java.com.lnk", cAlternateFileName="VISITJ~1.LNK")) returned 1 [0039.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4930 [0039.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4930 | out: hHeap=0x6d0000) returned 1 [0039.814] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.815] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x45a, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x45a, lpOverlapped=0x0) returned 1 [0039.816] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.816] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x45a, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x45a, lpOverlapped=0x0) returned 1 [0039.816] CloseHandle (hObject=0x48) returned 1 [0039.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a10 [0039.816] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\Visit Java.com.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\java\\visit java.com.lnk.adv")) returned 1 [0039.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.817] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x758f8a20, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x758f8a20, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7591eb80, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x45a, dwReserved0=0x0, dwReserved1=0xe, cFileName="Visit Java.com.lnk", cAlternateFileName="VISITJ~1.LNK")) returned 0 [0039.817] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0039.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.817] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8ab46fc5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ab6d126, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0039.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0039.817] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8ab46fc5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ab6d126, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.818] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8ab46fc5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ab6d126, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe, cFileName="..", cAlternateFileName="")) returned 1 [0039.818] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a1030d3, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8a1030d3, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8a1030d3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0xe, cFileName="Backup and Restore Center.lnk", cAlternateFileName="BACKUP~1.LNK")) returned 1 [0039.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.818] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.818] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x518, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x518, lpOverlapped=0x0) returned 1 [0039.820] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.820] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x518, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x518, lpOverlapped=0x0) returned 1 [0039.820] CloseHandle (hObject=0x48) returned 1 [0039.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0aa8 [0039.820] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Backup and Restore Center.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\backup and restore center.lnk.adv")) returned 1 [0039.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.821] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a77447, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x89a77447, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x89a77447, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e0, dwReserved0=0x0, dwReserved1=0xe, cFileName="Create Recovery Disc.lnk", cAlternateFileName="CREATE~1.LNK")) returned 1 [0039.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.821] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.821] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4e0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4e0, lpOverlapped=0x0) returned 1 [0039.823] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.823] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4e0, lpOverlapped=0x0) returned 1 [0039.823] CloseHandle (hObject=0x48) returned 1 [0039.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0aa8 [0039.823] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Create Recovery Disc.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\create recovery disc.lnk.adv")) returned 1 [0039.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.824] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec13fc0c, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xec13fc0c, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x8ab6d126, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x25e, dwReserved0=0x0, dwReserved1=0xe, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0039.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.824] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.824] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x25e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x25e, lpOverlapped=0x0) returned 1 [0039.825] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.825] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x25e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x25e, lpOverlapped=0x0) returned 1 [0039.825] CloseHandle (hObject=0x48) returned 1 [0039.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.825] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.adv")) returned 1 [0039.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.826] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab46fc5, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8ab46fc5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ab46fc5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0xe, cFileName="Remote Assistance.lnk", cAlternateFileName="REMOTE~1.LNK")) returned 1 [0039.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.826] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.827] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4bc, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4bc, lpOverlapped=0x0) returned 1 [0039.828] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.828] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4bc, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4bc, lpOverlapped=0x0) returned 1 [0039.829] CloseHandle (hObject=0x48) returned 1 [0039.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0aa8 [0039.829] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Remote Assistance.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\maintenance\\remote assistance.lnk.adv")) returned 1 [0039.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.830] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab46fc5, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8ab46fc5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8ab46fc5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0xe, cFileName="Remote Assistance.lnk", cAlternateFileName="REMOTE~1.LNK")) returned 0 [0039.830] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.830] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x824ddfa0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x824ddfa0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x824ddfa0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x541, dwReserved0=0x0, dwReserved1=0x40, cFileName="Media Center.lnk", cAlternateFileName="MEDIAC~1.LNK")) returned 1 [0039.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.830] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\media center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.831] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x541, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x541, lpOverlapped=0x0) returned 1 [0039.832] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.832] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x541, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x541, lpOverlapped=0x0) returned 1 [0039.833] CloseHandle (hObject=0x44) returned 1 [0039.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a10 [0039.833] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\media center.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Media Center.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\media center.lnk.adv")) returned 1 [0039.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.834] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0039.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a10 [0039.834] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.834] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe, cFileName="..", cAlternateFileName="")) returned 1 [0039.834] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x780122b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x780122b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xb67, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft Access 2010.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0039.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.834] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.835] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb67, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xb67, lpOverlapped=0x0) returned 1 [0039.836] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.836] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb67, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xb67, lpOverlapped=0x0) returned 1 [0039.836] CloseHandle (hObject=0x48) returned 1 [0039.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ab8 [0039.836] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Access 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft access 2010.lnk.adv")) returned 1 [0039.837] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.837] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.837] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xb87, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft Excel 2010.lnk", cAlternateFileName="MICROS~2.LNK")) returned 1 [0039.837] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.837] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.837] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.837] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.838] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb87, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xb87, lpOverlapped=0x0) returned 1 [0039.839] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.839] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb87, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xb87, lpOverlapped=0x0) returned 1 [0039.839] CloseHandle (hObject=0x48) returned 1 [0039.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ab8 [0039.840] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Excel 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft excel 2010.lnk.adv")) returned 1 [0039.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.840] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7805e570, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x7805e570, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x7805e570, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbe2, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft InfoPath Designer 2010.lnk", cAlternateFileName="MIA4FF~1.LNK")) returned 1 [0039.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.840] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.841] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbe2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xbe2, lpOverlapped=0x0) returned 1 [0039.843] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.843] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbe2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xbe2, lpOverlapped=0x0) returned 1 [0039.843] CloseHandle (hObject=0x48) returned 1 [0039.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0ab8 [0039.843] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Designer 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath designer 2010.lnk.adv")) returned 1 [0039.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.844] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7805e570, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x7805e570, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x7805e570, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbd2, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft InfoPath Filler 2010.lnk", cAlternateFileName="MICROS~4.LNK")) returned 1 [0039.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.844] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.844] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbd2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xbd2, lpOverlapped=0x0) returned 1 [0039.846] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.846] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbd2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xbd2, lpOverlapped=0x0) returned 1 [0039.846] CloseHandle (hObject=0x48) returned 1 [0039.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0ab8 [0039.846] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft InfoPath Filler 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft infopath filler 2010.lnk.adv")) returned 1 [0039.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.847] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft Office 2010 Tools", cAlternateFileName="MICROS~1")) returned 1 [0039.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ab8 [0039.847] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0039.848] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.848] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77fec150, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc119ff40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc119ff40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xba1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Digital Certificate for VBA Projects.lnk", cAlternateFileName="DIGITA~1.LNK")) returned 1 [0039.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3870 [0039.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3948 [0039.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3870 | out: hHeap=0x6d0000) returned 1 [0039.848] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.850] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xba1, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xba1, lpOverlapped=0x0) returned 1 [0039.851] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.851] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xba1, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xba1, lpOverlapped=0x0) returned 1 [0039.851] CloseHandle (hObject=0x4c) returned 1 [0039.851] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3a88 [0039.851] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Digital Certificate for VBA Projects.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\digital certificate for vba projects.lnk.adv")) returned 1 [0039.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a88 | out: hHeap=0x6d0000) returned 1 [0039.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3948 | out: hHeap=0x6d0000) returned 1 [0039.852] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77f53bd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc1179de0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc1179de0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xb65, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Clip Organizer.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0039.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3870 [0039.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3948 [0039.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3870 | out: hHeap=0x6d0000) returned 1 [0039.852] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.854] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb65, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xb65, lpOverlapped=0x0) returned 1 [0039.856] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.856] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb65, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xb65, lpOverlapped=0x0) returned 1 [0039.856] CloseHandle (hObject=0x4c) returned 1 [0039.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3a88 [0039.856] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Clip Organizer.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft clip organizer.lnk.adv")) returned 1 [0039.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a88 | out: hHeap=0x6d0000) returned 1 [0039.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3948 | out: hHeap=0x6d0000) returned 1 [0039.857] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x780122b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xabf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office 2010 Language Preferences.lnk", cAlternateFileName="MICROS~4.LNK")) returned 1 [0039.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3870 [0039.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3948 [0039.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3870 | out: hHeap=0x6d0000) returned 1 [0039.857] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.857] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xabf, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xabf, lpOverlapped=0x0) returned 1 [0039.859] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.859] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xabf, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xabf, lpOverlapped=0x0) returned 1 [0039.859] CloseHandle (hObject=0x4c) returned 1 [0039.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x140) returned 0x6e3a88 [0039.859] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Language Preferences.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 language preferences.lnk.adv")) returned 1 [0039.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a88 | out: hHeap=0x6d0000) returned 1 [0039.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3948 | out: hHeap=0x6d0000) returned 1 [0039.860] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77fec150, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc119ff40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc119ff40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xb15, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office 2010 Upload Center.lnk", cAlternateFileName="MICROS~3.LNK")) returned 1 [0039.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3870 [0039.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3948 [0039.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3870 | out: hHeap=0x6d0000) returned 1 [0039.861] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.861] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb15, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xb15, lpOverlapped=0x0) returned 1 [0039.863] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.863] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb15, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xb15, lpOverlapped=0x0) returned 1 [0039.863] CloseHandle (hObject=0x4c) returned 1 [0039.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3a88 [0039.864] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office 2010 Upload Center.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office 2010 upload center.lnk.adv")) returned 1 [0039.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a88 | out: hHeap=0x6d0000) returned 1 [0039.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3948 | out: hHeap=0x6d0000) returned 1 [0039.864] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77fec150, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc1179de0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc1179de0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xb3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office Picture Manager.lnk", cAlternateFileName="MICROS~2.LNK")) returned 1 [0039.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3870 [0039.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3948 [0039.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3870 | out: hHeap=0x6d0000) returned 1 [0039.865] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.865] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3b, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xb3b, lpOverlapped=0x0) returned 1 [0039.867] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.867] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3b, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xb3b, lpOverlapped=0x0) returned 1 [0039.867] CloseHandle (hObject=0x4c) returned 1 [0039.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e3a88 [0039.871] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Office Picture Manager.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft office picture manager.lnk.adv")) returned 1 [0039.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a88 | out: hHeap=0x6d0000) returned 1 [0039.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3948 | out: hHeap=0x6d0000) returned 1 [0039.871] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc11c60a0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xbb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Project Server 2010 Accounts.lnk", cAlternateFileName="MIBC23~1.LNK")) returned 1 [0039.872] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3870 [0039.872] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3948 [0039.872] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3870 | out: hHeap=0x6d0000) returned 1 [0039.872] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0039.872] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbb7, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xbb7, lpOverlapped=0x0) returned 1 [0039.874] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.874] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbb7, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xbb7, lpOverlapped=0x0) returned 1 [0039.874] CloseHandle (hObject=0x4c) returned 1 [0039.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3a88 [0039.874] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Office 2010 Tools\\Microsoft Project Server 2010 Accounts.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft office 2010 tools\\microsoft project server 2010 accounts.lnk.adv")) returned 1 [0039.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a88 | out: hHeap=0x6d0000) returned 1 [0039.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3948 | out: hHeap=0x6d0000) returned 1 [0039.875] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc11c60a0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xbb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Project Server 2010 Accounts.lnk", cAlternateFileName="MIBC23~1.LNK")) returned 0 [0039.875] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0039.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.876] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7805e570, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x780846d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x780846d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xb3f, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft OneNote 2010.lnk", cAlternateFileName="MI807F~1.LNK")) returned 1 [0039.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.876] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.876] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.876] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb3f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xb3f, lpOverlapped=0x0) returned 1 [0039.878] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.878] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb3f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xb3f, lpOverlapped=0x0) returned 1 [0039.878] CloseHandle (hObject=0x48) returned 1 [0039.878] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.878] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft OneNote 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft onenote 2010.lnk.adv")) returned 1 [0039.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.879] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x780846d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x780846d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x780846d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbd5, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft Outlook 2010.lnk", cAlternateFileName="MI4465~1.LNK")) returned 1 [0039.879] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.879] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.879] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.880] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbd5, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xbd5, lpOverlapped=0x0) returned 1 [0039.881] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.881] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbd5, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xbd5, lpOverlapped=0x0) returned 1 [0039.882] CloseHandle (hObject=0x48) returned 1 [0039.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.882] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Outlook 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft outlook 2010.lnk.adv")) returned 1 [0039.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.882] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x780846d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x780846d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x780846d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xb79, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft PowerPoint 2010.lnk", cAlternateFileName="MIAF79~1.LNK")) returned 1 [0039.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.883] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.883] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.883] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.883] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb79, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xb79, lpOverlapped=0x0) returned 1 [0039.935] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.936] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb79, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xb79, lpOverlapped=0x0) returned 1 [0039.936] CloseHandle (hObject=0x48) returned 1 [0039.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.936] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft PowerPoint 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft powerpoint 2010.lnk.adv")) returned 1 [0039.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.937] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc11c60a0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xc11c60a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xc11c60a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xb77, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft Project 2010.lnk", cAlternateFileName="MI6860~1.LNK")) returned 1 [0039.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.937] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.938] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb77, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xb77, lpOverlapped=0x0) returned 1 [0039.939] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.939] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb77, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xb77, lpOverlapped=0x0) returned 1 [0039.940] CloseHandle (hObject=0x48) returned 1 [0039.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.940] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Project 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft project 2010.lnk.adv")) returned 1 [0039.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.941] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x780846d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x780846d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x780846d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbe1, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft Publisher 2010.lnk", cAlternateFileName="MI260D~1.LNK")) returned 1 [0039.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.941] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.941] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbe1, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xbe1, lpOverlapped=0x0) returned 1 [0039.943] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.943] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbe1, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xbe1, lpOverlapped=0x0) returned 1 [0039.943] CloseHandle (hObject=0x48) returned 1 [0039.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0ab8 [0039.943] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Publisher 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft publisher 2010.lnk.adv")) returned 1 [0039.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.944] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbef, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft SharePoint Workspace 2010.lnk", cAlternateFileName="MICROS~3.LNK")) returned 1 [0039.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3778 [0039.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.944] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.945] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbef, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xbef, lpOverlapped=0x0) returned 1 [0039.961] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.961] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbef, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xbef, lpOverlapped=0x0) returned 1 [0039.961] CloseHandle (hObject=0x48) returned 1 [0039.961] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0ab8 [0039.961] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft SharePoint Workspace 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft sharepoint workspace 2010.lnk.adv")) returned 1 [0039.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.962] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8735be00, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x8735be00, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x87381f60, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xacf, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft Visio 2010.lnk", cAlternateFileName="MI7E65~1.LNK")) returned 1 [0039.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.962] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.962] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.963] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xacf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xacf, lpOverlapped=0x0) returned 1 [0039.964] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.964] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xacf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xacf, lpOverlapped=0x0) returned 1 [0039.964] CloseHandle (hObject=0x48) returned 1 [0039.965] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ab8 [0039.965] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Visio 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft visio 2010.lnk.adv")) returned 1 [0039.965] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.965] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.965] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x780aa830, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x780aa830, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x780aa830, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbcd, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft Word 2010.lnk", cAlternateFileName="MI109D~1.LNK")) returned 1 [0039.965] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ab8 [0039.965] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0039.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.966] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.966] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbcd, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xbcd, lpOverlapped=0x0) returned 1 [0039.967] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.968] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbcd, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xbcd, lpOverlapped=0x0) returned 1 [0039.968] CloseHandle (hObject=0x48) returned 1 [0039.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ab8 [0039.968] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office\\Microsoft Word 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office\\microsoft word 2010.lnk.adv")) returned 1 [0039.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ab8 | out: hHeap=0x6d0000) returned 1 [0039.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.969] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x780aa830, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x780aa830, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x780aa830, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbcd, dwReserved0=0x0, dwReserved1=0xe, cFileName="Microsoft Word 2010.lnk", cAlternateFileName="MI109D~1.LNK")) returned 0 [0039.969] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.969] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb09bd780, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb09e38e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb09e38e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x491, dwReserved0=0x0, dwReserved1=0x40, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0039.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.969] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.969] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x491, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x491, lpOverlapped=0x0) returned 1 [0039.971] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.971] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x491, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x491, lpOverlapped=0x0) returned 1 [0039.971] CloseHandle (hObject=0x44) returned 1 [0039.971] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a10 [0039.971] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\mozilla firefox.lnk.adv")) returned 1 [0039.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.972] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="SharePoint", cAlternateFileName="SHAREP~1")) returned 1 [0039.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0039.972] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.973] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc, cFileName="..", cAlternateFileName="")) returned 1 [0039.973] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbef, dwReserved0=0x0, dwReserved1=0xc, cFileName="Microsoft SharePoint Workspace 2010.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0039.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3778 [0039.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.973] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.974] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbef, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xbef, lpOverlapped=0x0) returned 1 [0039.975] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.975] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbef, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xbef, lpOverlapped=0x0) returned 1 [0039.976] CloseHandle (hObject=0x48) returned 1 [0039.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0aa8 [0039.976] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\SharePoint\\Microsoft SharePoint Workspace 2010.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\sharepoint\\microsoft sharepoint workspace 2010.lnk.adv")) returned 1 [0039.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.977] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78038410, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x78038410, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x78038410, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xbef, dwReserved0=0x0, dwReserved1=0xc, cFileName="Microsoft SharePoint Workspace 2010.lnk", cAlternateFileName="MICROS~1.LNK")) returned 0 [0039.977] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.977] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a233bd5, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8a233bd5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8a233bd5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x532, dwReserved0=0x0, dwReserved1=0x40, cFileName="Sidebar.lnk", cAlternateFileName="")) returned 1 [0039.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.977] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\sidebar.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.977] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x532, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x532, lpOverlapped=0x0) returned 1 [0039.979] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.979] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x532, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x532, lpOverlapped=0x0) returned 1 [0039.979] CloseHandle (hObject=0x44) returned 1 [0039.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a10 [0039.979] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\sidebar.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Sidebar.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\sidebar.lnk.adv")) returned 1 [0039.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.980] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2832bdaf, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="Startup", cAlternateFileName="")) returned 1 [0039.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0039.980] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2832bdaf, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.980] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2832bdaf, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10, cFileName="..", cAlternateFileName="")) returned 1 [0039.980] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2832bdaf, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2832bdaf, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x10, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0039.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0039.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.980] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0039.980] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xae, lpOverlapped=0x0) returned 1 [0039.981] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.981] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xae, lpOverlapped=0x0) returned 1 [0039.981] CloseHandle (hObject=0x48) returned 1 [0039.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0aa8 [0039.981] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.adv")) returned 1 [0039.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0039.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0039.982] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2832bdaf, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2832bdaf, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x10, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0039.982] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.982] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x9182055d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x40, cFileName="Tablet PC", cAlternateFileName="TABLET~1")) returned 1 [0039.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0039.982] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Tablet PC\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x9182055d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0039.983] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x9182055d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10, cFileName="..", cAlternateFileName="")) returned 1 [0039.983] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x9182055d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x10, cFileName="..", cAlternateFileName="")) returned 0 [0039.984] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0039.984] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.984] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.984] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b186991, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8b186991, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8b186991, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x548, dwReserved0=0x0, dwReserved1=0x40, cFileName="Windows Anytime Upgrade.lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0039.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.984] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.984] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.984] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.984] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x548, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x548, lpOverlapped=0x0) returned 1 [0039.993] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.993] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x548, lpOverlapped=0x0) returned 1 [0039.993] CloseHandle (hObject=0x44) returned 1 [0039.993] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a10 [0039.993] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Anytime Upgrade.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows anytime upgrade.lnk.adv")) returned 1 [0039.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.994] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82491ce0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x82491ce0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x82491ce0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x52e, dwReserved0=0x0, dwReserved1=0x40, cFileName="Windows DVD Maker.lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0039.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.994] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.994] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.995] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x52e, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x52e, lpOverlapped=0x0) returned 1 [0039.996] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0039.996] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x52e, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x52e, lpOverlapped=0x0) returned 1 [0039.996] CloseHandle (hObject=0x44) returned 1 [0039.996] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a10 [0039.996] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows DVD Maker.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows dvd maker.lnk.adv")) returned 1 [0039.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0039.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0039.997] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d7b6b82, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x3d7b6b82, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x3d7dcce2, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ba, dwReserved0=0x0, dwReserved1=0x40, cFileName="Windows Fax and Scan.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0039.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0039.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0039.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0039.997] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0039.998] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ba, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4ba, lpOverlapped=0x0) returned 1 [0040.001] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.001] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ba, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4ba, lpOverlapped=0x0) returned 1 [0040.001] CloseHandle (hObject=0x44) returned 1 [0040.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a10 [0040.001] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows fax and scan.lnk.adv")) returned 1 [0040.002] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0040.002] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0040.002] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8945dbdb, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8945dbdb, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x40, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0040.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0040.002] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.002] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0040.003] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x60b, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x60b, lpOverlapped=0x0) returned 1 [0040.004] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.004] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x60b, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x60b, lpOverlapped=0x0) returned 1 [0040.004] CloseHandle (hObject=0x44) returned 1 [0040.004] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a10 [0040.004] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows media player.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Media Player.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\windows media player.lnk.adv")) returned 1 [0040.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0040.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0040.005] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aa62784, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8aa62784, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8aa62784, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4de, dwReserved0=0x0, dwReserved1=0x40, cFileName="XPS Viewer.lnk", cAlternateFileName="XPSVIE~1.LNK")) returned 1 [0040.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0040.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.005] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0040.006] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4de, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4de, lpOverlapped=0x0) returned 1 [0040.007] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.007] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4de, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4de, lpOverlapped=0x0) returned 1 [0040.007] CloseHandle (hObject=0x44) returned 1 [0040.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a10 [0040.007] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\xps viewer.lnk.adv")) returned 1 [0040.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0040.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0040.008] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aa62784, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8aa62784, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8aa62784, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4de, dwReserved0=0x0, dwReserved1=0x40, cFileName="XPS Viewer.lnk", cAlternateFileName="XPSVIE~1.LNK")) returned 0 [0040.008] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.008] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f57ecb5, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x7f57ecb5, ftLastAccessTime.dwHighDateTime=0x1ca043e, ftLastWriteTime.dwLowDateTime=0x7f57ecb5, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4f2, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Windows Update.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0040.008] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0040.008] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0040.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0040.008] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\windows update.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0040.009] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f2, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x4f2, lpOverlapped=0x0) returned 1 [0040.012] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.012] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f2, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x4f2, lpOverlapped=0x0) returned 1 [0040.012] CloseHandle (hObject=0x40) returned 1 [0040.012] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0040.012] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\windows update.lnk"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Windows Update.lnk.adv" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\windows update.lnk.adv")) returned 1 [0040.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0040.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.013] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f57ecb5, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x7f57ecb5, ftLastAccessTime.dwHighDateTime=0x1ca043e, ftLastWriteTime.dwLowDateTime=0x7f57ecb5, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4f2, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="Windows Update.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0040.013] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0040.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.013] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeea3462, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0040.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0040.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0040.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0040.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2048 [0040.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0040.013] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeea3462, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.014] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeea3462, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0040.014] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9dbcac, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeea3462, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 0 [0040.014] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0040.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.014] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda01e06, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="WER", cAlternateFileName="")) returned 1 [0040.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0040.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0040.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0040.014] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\WER\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda01e06, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.014] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda01e06, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="..", cAlternateFileName="")) returned 1 [0040.014] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0x9a0a5fd1, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="ReportArchive", cAlternateFileName="REPORT~1")) returned 1 [0040.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0040.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0040.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0040.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0040.014] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0040.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0040.014] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\WER\\ReportArchive\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0x9a0a5fd1, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfda01e06, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.015] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0x9a0a5fd1, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfda01e06, cFileName="..", cAlternateFileName="")) returned 1 [0040.015] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0x9a0a5fd1, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfda01e06, cFileName="..", cAlternateFileName="")) returned 0 [0040.015] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0040.017] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x810, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb59300, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2fb59300, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="ReportQueue", cAlternateFileName="REPORT~2")) returned 1 [0040.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0040.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0040.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0040.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0040.017] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\WER\\ReportQueue\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x810, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb59300, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2fb59300, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfda01e06, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.018] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x810, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb59300, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2fb59300, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfda01e06, cFileName="..", cAlternateFileName="")) returned 1 [0040.018] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x810, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb59300, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2fb59300, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfda01e06, cFileName="..", cAlternateFileName="")) returned 0 [0040.018] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0040.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0040.018] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x810, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb59300, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2fb59300, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x60ae73a0, cFileName="ReportQueue", cAlternateFileName="REPORT~2")) returned 0 [0040.018] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0040.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.018] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9dbcac, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda01e06, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="WER", cAlternateFileName="")) returned 0 [0040.018] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0040.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0040.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0040.018] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x9b7c5130, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9b7c5130, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0040.018] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0040.018] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0040.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0040.018] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0040.018] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x9b7c5130, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9b7c5130, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0040.019] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x9b7c5130, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9b7c5130, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0040.019] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fb3099, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Definition Updates", cAlternateFileName="DEFINI~1")) returned 1 [0040.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2058 [0040.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0040.019] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fb3099, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x9b7c5130, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.019] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fb3099, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x9b7c5130, cFileName="..", cAlternateFileName="")) returned 1 [0040.019] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x9b7c5130, cFileName="Backup", cAlternateFileName="")) returned 1 [0040.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0040.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09e0 [0040.019] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a78 [0040.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0040.019] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.019] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName="..", cAlternateFileName="")) returned 1 [0040.019] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName="..", cAlternateFileName="")) returned 0 [0040.020] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0040.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0040.020] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x9b7c5130, cFileName="Updates", cAlternateFileName="")) returned 1 [0040.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0040.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0040.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0040.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ac0 [0040.020] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.020] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName="..", cAlternateFileName="")) returned 1 [0040.020] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName="..", cAlternateFileName="")) returned 0 [0040.020] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0040.020] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fff35a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x9b7c5130, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 1 [0040.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0948 [0040.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f09e0 [0040.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0040.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ac0 [0040.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3778 [0040.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.020] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fff35a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.021] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fff35a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName="..", cAlternateFileName="")) returned 1 [0040.021] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fd91f9, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fd91f9, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x12c4d000, ftLastWriteTime.dwHighDateTime=0x1cb85c9, nFileSizeHigh=0x0, nFileSizeLow=0xb17190, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName="mpasbase.vdm", cAlternateFileName="")) returned 1 [0040.021] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ac0 [0040.021] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e38b8 [0040.021] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.021] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0040.022] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb17190, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xb17190, lpOverlapped=0x0) returned 1 [0040.400] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.400] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb17190, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xb17190, lpOverlapped=0x0) returned 1 [0040.742] CloseHandle (hObject=0x44) returned 1 [0040.742] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f0ac0 [0040.742] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.adv" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm.adv")) returned 1 [0040.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38b8 | out: hHeap=0x6d0000) returned 1 [0040.743] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fff35a, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x6da22700, ftLastWriteTime.dwHighDateTime=0x1cb8783, nFileSizeHigh=0x0, nFileSizeLow=0x52d90, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName="mpasdlta.vdm", cAlternateFileName="")) returned 1 [0040.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ac0 [0040.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e38b8 [0040.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.743] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0040.744] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x52d90, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x52d90, lpOverlapped=0x0) returned 1 [0040.748] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.748] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x52d90, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x52d90, lpOverlapped=0x0) returned 1 [0040.749] CloseHandle (hObject=0x44) returned 1 [0040.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6f0ac0 [0040.749] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.adv" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm.adv")) returned 1 [0040.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38b8 | out: hHeap=0x6d0000) returned 1 [0040.750] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x93b6800, ftLastWriteTime.dwHighDateTime=0x1cb85c9, nFileSizeHigh=0x0, nFileSizeLow=0x7d1d50, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName="mpengine.dll", cAlternateFileName="")) returned 1 [0040.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0ac0 [0040.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e38b8 [0040.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.750] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38b8 | out: hHeap=0x6d0000) returned 1 [0040.750] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x93b6800, ftLastWriteTime.dwHighDateTime=0x1cb85c9, nFileSizeHigh=0x0, nFileSizeLow=0x7d1d50, dwReserved0=0x1ca0444, dwReserved1=0x1fb3099, cFileName="mpengine.dll", cAlternateFileName="")) returned 0 [0040.750] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0040.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09e0 | out: hHeap=0x6d0000) returned 1 [0040.750] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fff35a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x9b7c5130, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 0 [0040.750] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.750] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x9b7c5130, ftCreationTime.dwHighDateTime=0x1d5c60a, ftLastAccessTime.dwLowDateTime=0x9b7c5130, ftLastAccessTime.dwHighDateTime=0x1d5c60a, ftLastWriteTime.dwLowDateTime=0x9b7c5130, ftLastWriteTime.dwHighDateTime=0x1d5c60a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock", cAlternateFileName="IMPSER~1.LOC")) returned 1 [0040.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e2058 [0040.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.750] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\impservice925a3aca-c353-458a-ac8d-a7e5eb378092.lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.751] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="LocalCopy", cAlternateFileName="LOCALC~1")) returned 1 [0040.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0040.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0040.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0040.751] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.751] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="..", cAlternateFileName="")) returned 1 [0040.751] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="..", cAlternateFileName="")) returned 0 [0040.751] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.751] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Quarantine", cAlternateFileName="QUARAN~1")) returned 1 [0040.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.751] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.752] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="..", cAlternateFileName="")) returned 1 [0040.752] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="..", cAlternateFileName="")) returned 0 [0040.752] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.752] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7690f9e4, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7690f9e4, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Scans", cAlternateFileName="")) returned 1 [0040.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0040.752] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7690f9e4, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7690f9e4, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.752] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7690f9e4, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7690f9e4, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="..", cAlternateFileName="")) returned 1 [0040.752] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="History", cAlternateFileName="")) returned 1 [0040.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0040.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0040.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0040.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.752] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7690f9e4, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.753] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7690f9e4, cFileName="..", cAlternateFileName="")) returned 1 [0040.753] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc0a7e0, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7690f9e4, cFileName="CacheManager", cAlternateFileName="CACHEM~1")) returned 1 [0040.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0040.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0040.753] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc0a7e0, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0040.753] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc0a7e0, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="..", cAlternateFileName="")) returned 1 [0040.753] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc30940, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x33b60, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="MpSfc.bin", cAlternateFileName="")) returned 1 [0040.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ad0 [0040.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0040.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0040.753] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0040.754] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc30940, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x33b60, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="MpSfc.bin", cAlternateFileName="")) returned 0 [0040.754] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0040.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0040.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0040.754] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0xa13d69d0, ftLastAccessTime.dwHighDateTime=0x1d2dda3, ftLastWriteTime.dwLowDateTime=0xa13d69d0, ftLastWriteTime.dwHighDateTime=0x1d2dda3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7690f9e4, cFileName="Results", cAlternateFileName="")) returned 1 [0040.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0040.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0040.754] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0xa13d69d0, ftLastAccessTime.dwHighDateTime=0x1d2dda3, ftLastWriteTime.dwLowDateTime=0xa13d69d0, ftLastWriteTime.dwHighDateTime=0x1d2dda3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0040.754] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0xa13d69d0, ftLastAccessTime.dwHighDateTime=0x1d2dda3, ftLastWriteTime.dwLowDateTime=0xa13d69d0, ftLastWriteTime.dwHighDateTime=0x1d2dda3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="..", cAlternateFileName="")) returned 1 [0040.754] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x80be8ad0, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="Resource", cAlternateFileName="")) returned 1 [0040.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ac0 [0040.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0040.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ac0 [0040.754] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x80be8ad0, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cb892c, dwReserved1=0xa13d69d0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0040.754] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x80be8ad0, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cb892c, dwReserved1=0xa13d69d0, cFileName="..", cAlternateFileName="")) returned 1 [0040.754] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x81085570, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x1a60, dwReserved0=0x1cb892c, dwReserved1=0xa13d69d0, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", cAlternateFileName="{1D1DB~1")) returned 1 [0040.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3858 [0040.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3900 [0040.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0040.755] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0040.755] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a60, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1a60, lpOverlapped=0x0) returned 1 [0040.757] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.757] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a60, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1a60, lpOverlapped=0x0) returned 1 [0040.757] CloseHandle (hObject=0x4c) returned 1 [0040.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e39f8 [0040.757] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.adv" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}.adv")) returned 1 [0040.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0040.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3900 | out: hHeap=0x6d0000) returned 1 [0040.758] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x81085570, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x1a60, dwReserved0=0x1cb892c, dwReserved1=0xa13d69d0, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", cAlternateFileName="{1D1DB~1")) returned 0 [0040.758] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0040.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0040.758] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x80be8ad0, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="Resource", cAlternateFileName="")) returned 0 [0040.758] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0040.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0040.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0040.758] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0xb9820270, ftLastWriteTime.dwHighDateTime=0x1d2faf0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7690f9e4, cFileName="Service", cAlternateFileName="")) returned 1 [0040.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0040.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0040.758] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0xb9820270, ftLastWriteTime.dwHighDateTime=0x1d2faf0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0040.758] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0xb9820270, ftLastWriteTime.dwHighDateTime=0x1d2faf0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="..", cAlternateFileName="")) returned 1 [0040.758] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb9820270, ftCreationTime.dwHighDateTime=0x1d2faf0, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0x7de6c9b0, ftLastWriteTime.dwHighDateTime=0x1d3373d, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="History.Log", cAlternateFileName="")) returned 1 [0040.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ac0 [0040.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0040.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.758] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\history.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0040.765] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2, lpOverlapped=0x0) returned 1 [0040.766] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.766] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2, lpOverlapped=0x0) returned 1 [0040.767] CloseHandle (hObject=0x48) returned 1 [0040.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0040.767] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\history.log"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.adv" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\history.log.adv")) returned 1 [0040.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0040.767] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x2d1f02a0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x1a86, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="Unknown.Log", cAlternateFileName="")) returned 1 [0040.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ac0 [0040.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0040.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.768] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0040.768] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a86, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1a86, lpOverlapped=0x0) returned 1 [0040.769] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.769] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a86, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1a86, lpOverlapped=0x0) returned 1 [0040.769] CloseHandle (hObject=0x48) returned 1 [0040.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0040.769] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.adv" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\unknown.log.adv")) returned 1 [0040.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0040.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0040.769] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x2d1f02a0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x1a86, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="Unknown.Log", cAlternateFileName="")) returned 0 [0040.770] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0040.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0040.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0040.770] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7690f9e4, cFileName="Store", cAlternateFileName="")) returned 1 [0040.770] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.770] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0040.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.770] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0040.770] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0040.770] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="..", cAlternateFileName="")) returned 1 [0040.770] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0441, dwReserved1=0x244fb42, cFileName="..", cAlternateFileName="")) returned 0 [0040.770] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0040.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0040.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0040.770] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7690f9e4, cFileName="Store", cAlternateFileName="")) returned 0 [0040.770] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.770] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="History", cAlternateFileName="")) returned 0 [0040.770] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0040.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.770] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76792c22, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Support", cAlternateFileName="")) returned 1 [0040.770] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.770] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0040.771] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76792c22, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.771] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76792c22, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="..", cAlternateFileName="")) returned 1 [0040.771] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76792c22, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x798d48a0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x30ada, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="MPLog-07132009-221054.log", cAlternateFileName="MPLOG-~1.LOG")) returned 1 [0040.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0040.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0040.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0040.771] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\support\\mplog-07132009-221054.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.771] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76792c22, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x798d48a0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x30ada, dwReserved0=0x380043, dwReserved1=0x2d0044, cFileName="MPLog-07132009-221054.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0040.771] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0040.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.771] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76792c22, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Support", cAlternateFileName="")) returned 0 [0040.771] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0040.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0040.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0040.771] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0040.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0040.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0040.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0040.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0040.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0040.772] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0040.772] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0040.772] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="MSFax", cAlternateFileName="")) returned 1 [0040.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0040.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0040.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0040.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0040.772] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.783] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="..", cAlternateFileName="")) returned 1 [0040.783] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="ActivityLog", cAlternateFileName="ACTIVI~1")) returned 1 [0040.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.783] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.784] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0040.784] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 0 [0040.784] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.784] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="Common Coverpages", cAlternateFileName="COMMON~1")) returned 1 [0040.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0040.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.784] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.784] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0040.784] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="en-US", cAlternateFileName="")) returned 1 [0040.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0978 [0040.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a40 [0040.784] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0040.785] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0040.785] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x28aa, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="confident.cov", cAlternateFileName="")) returned 1 [0040.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ad8 [0040.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0040.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0040.785] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0040.791] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x2a09, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="fyi.cov", cAlternateFileName="")) returned 1 [0040.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ad8 [0040.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0040.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0040.791] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0040.791] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x3aa0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="generic.cov", cAlternateFileName="")) returned 1 [0040.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ad8 [0040.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0040.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0040.791] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0040.791] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x2886, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="urgent.cov", cAlternateFileName="")) returned 1 [0040.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ad8 [0040.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0040.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad8 | out: hHeap=0x6d0000) returned 1 [0040.792] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0040.792] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x2886, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="urgent.cov", cAlternateFileName="")) returned 0 [0040.792] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0040.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a40 | out: hHeap=0x6d0000) returned 1 [0040.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0040.792] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="en-US", cAlternateFileName="")) returned 0 [0040.792] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.792] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="Inbox", cAlternateFileName="")) returned 1 [0040.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0040.792] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.801] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0040.801] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 0 [0040.801] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0040.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.801] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="Queue", cAlternateFileName="")) returned 1 [0040.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0040.801] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.801] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0040.801] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 0 [0040.801] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0040.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.801] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="SentItems", cAlternateFileName="SENTIT~1")) returned 1 [0040.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0040.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0040.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0040.802] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.802] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0040.802] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 0 [0040.802] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.802] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 1 [0040.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0040.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2058 [0040.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.802] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0040.802] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0040.802] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="en-US", cAlternateFileName="")) returned 1 [0040.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0040.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0978 [0040.802] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cbf8ea, dwReserved1=0x1d91b669, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0040.804] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cbf8ea, dwReserved1=0x1d91b669, cFileName="..", cAlternateFileName="")) returned 1 [0040.804] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0x1cbf8ea, dwReserved1=0x1d91b669, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 1 [0040.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0040.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0aa8 [0040.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0040.804] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0040.804] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0x1cbf8ea, dwReserved1=0x1d91b669, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 0 [0040.804] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0040.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0040.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0040.804] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x1d91b669, cFileName="en-US", cAlternateFileName="")) returned 0 [0040.804] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0040.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0040.804] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 0 [0040.804] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0040.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0040.804] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="MSScan", cAlternateFileName="")) returned 1 [0040.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0040.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0040.804] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0040.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0040.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e1ff0 [0040.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0040.805] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.805] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="..", cAlternateFileName="")) returned 1 [0040.805] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea12c467, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xea12c467, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xea1525c5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x7e148, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="WelcomeScan.jpg", cAlternateFileName="")) returned 1 [0040.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0040.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2088 [0040.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0040.805] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0040.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2088 | out: hHeap=0x6d0000) returned 1 [0040.805] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea12c467, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xea12c467, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xea1525c5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x7e148, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="WelcomeScan.jpg", cAlternateFileName="")) returned 0 [0040.805] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0040.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0040.805] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="MSScan", cAlternateFileName="")) returned 0 [0040.805] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0040.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0040.805] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0040.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0040.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0040.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0040.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0040.806] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0040.806] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="..", cAlternateFileName="")) returned 1 [0040.806] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Profiles", cAlternateFileName="")) returned 1 [0040.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0040.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0040.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0040.806] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0040.806] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="..", cAlternateFileName="")) returned 1 [0040.806] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0444, dwReserved1=0x7fffaad0, cFileName="..", cAlternateFileName="")) returned 0 [0040.806] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0040.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0040.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.806] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x80ac5760, cFileName="Profiles", cAlternateFileName="")) returned 0 [0040.806] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0040.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0040.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0040.807] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="WwanSvc", cAlternateFileName="")) returned 0 [0040.807] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0040.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0040.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0040.807] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0040.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0040.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed830 [0040.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0040.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0040.807] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft Help\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0040.822] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 1 [0040.823] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x896b9210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x896b9210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Hx.hxn", cAlternateFileName="")) returned 1 [0040.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.823] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\Hx.hxn" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.824] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x186, lpOverlapped=0x0) returned 1 [0040.824] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.824] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x186, lpOverlapped=0x0) returned 1 [0040.825] CloseHandle (hObject=0x38) returned 1 [0040.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ee8 [0040.825] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\Hx.hxn" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\Hx.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn.adv")) returned 1 [0040.825] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.825] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.826] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa72fc10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa72fc10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.EXCEL.14.1033.hxn", cAlternateFileName="MSEXCE~1.HXN")) returned 1 [0040.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.826] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.840] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.840] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.840] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.841] CloseHandle (hObject=0x38) returned 1 [0040.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.841] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn.adv")) returned 1 [0040.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.841] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa755d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa755d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.EXCEL.DEV.14.1033.hxn", cAlternateFileName="MSEXCE~2.HXN")) returned 1 [0040.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.841] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.842] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.842] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.843] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.843] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.843] CloseHandle (hObject=0x38) returned 1 [0040.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.843] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn.adv")) returned 1 [0040.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.844] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.GRAPH.14.1033.hxn", cAlternateFileName="MSGRAP~1.HXN")) returned 1 [0040.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.844] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.847] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.848] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.848] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.848] CloseHandle (hObject=0x38) returned 1 [0040.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.848] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn.adv")) returned 1 [0040.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.849] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfd789af0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd789af0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfd822070, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.GROOVE.14.1033.hxn", cAlternateFileName="MSGROO~1.HXN")) returned 1 [0040.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.849] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.849] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x14c, lpOverlapped=0x0) returned 1 [0040.852] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.852] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x14c, lpOverlapped=0x0) returned 1 [0040.856] CloseHandle (hObject=0x38) returned 1 [0040.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.856] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn.adv")) returned 1 [0040.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.857] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x11446a50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.INFOPATH.14.1033.hxn", cAlternateFileName="MSINFO~1.HXN")) returned 1 [0040.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.857] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.865] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x158, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x158, lpOverlapped=0x0) returned 1 [0040.866] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.866] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x158, lpOverlapped=0x0) returned 1 [0040.866] CloseHandle (hObject=0x38) returned 1 [0040.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.867] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn.adv")) returned 1 [0040.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.867] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1146cbb0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.INFOPATHEDITOR.14.1033.hxn", cAlternateFileName="MSINFO~2.HXN")) returned 1 [0040.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.867] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.868] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x17c, lpOverlapped=0x0) returned 1 [0040.869] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.869] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x17c, lpOverlapped=0x0) returned 1 [0040.869] CloseHandle (hObject=0x38) returned 1 [0040.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1ee8 [0040.869] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn.adv")) returned 1 [0040.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.870] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.MSACCESS.14.1033.hxn", cAlternateFileName="MSMSAC~1.HXN")) returned 1 [0040.870] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.870] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.870] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.876] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x158, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x158, lpOverlapped=0x0) returned 1 [0040.877] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.877] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x158, lpOverlapped=0x0) returned 1 [0040.877] CloseHandle (hObject=0x38) returned 1 [0040.877] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.878] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn.adv")) returned 1 [0040.878] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.878] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.878] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.MSACCESS.DEV.14.1033.hxn", cAlternateFileName="MSMSAC~2.HXN")) returned 1 [0040.878] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.878] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.878] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.878] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.879] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x170, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x170, lpOverlapped=0x0) returned 1 [0040.879] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.879] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x170, lpOverlapped=0x0) returned 1 [0040.880] CloseHandle (hObject=0x38) returned 1 [0040.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1ee8 [0040.880] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn.adv")) returned 1 [0040.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.880] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.MSOUC.14.1033.hxn", cAlternateFileName="MSMSOU~1.HXN")) returned 1 [0040.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.880] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.889] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.890] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.890] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.890] CloseHandle (hObject=0x38) returned 1 [0040.890] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.890] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn.adv")) returned 1 [0040.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.891] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.MSPUB.14.1033.hxn", cAlternateFileName="MSMSPU~1.HXN")) returned 1 [0040.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.891] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.891] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.897] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.898] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.898] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.898] CloseHandle (hObject=0x38) returned 1 [0040.898] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.899] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn.adv")) returned 1 [0040.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.899] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.MSPUB.DEV.14.1033.hxn", cAlternateFileName="MSMSPU~2.HXN")) returned 1 [0040.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.899] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.899] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.899] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.900] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.900] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.901] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.901] CloseHandle (hObject=0x38) returned 1 [0040.901] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.901] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn.adv")) returned 1 [0040.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.901] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.MSTORE.14.1033.hxn", cAlternateFileName="MSMSTO~1.HXN")) returned 1 [0040.901] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.901] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.901] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.902] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x14c, lpOverlapped=0x0) returned 1 [0040.903] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.903] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x14c, lpOverlapped=0x0) returned 1 [0040.903] CloseHandle (hObject=0x38) returned 1 [0040.903] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.903] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn.adv")) returned 1 [0040.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.903] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x13a, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.OIS.14.1033.hxn", cAlternateFileName="MSOIS1~1.HXN")) returned 1 [0040.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.904] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.904] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.904] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x13a, lpOverlapped=0x0) returned 1 [0040.905] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.905] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x13a, lpOverlapped=0x0) returned 1 [0040.905] CloseHandle (hObject=0x38) returned 1 [0040.905] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.905] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn.adv")) returned 1 [0040.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.906] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xc997810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc997810, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc9e3ad0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.ONENOTE.14.1033.hxn", cAlternateFileName="MSONEN~1.HXN")) returned 1 [0040.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.906] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.906] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.916] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.917] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.917] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.917] CloseHandle (hObject=0x38) returned 1 [0040.917] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.917] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn.adv")) returned 1 [0040.917] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.917] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.917] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2689510, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.OUTLOOK.14.1033.hxn", cAlternateFileName="MSOUTL~1.HXN")) returned 1 [0040.917] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.917] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.917] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.918] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.922] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.923] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.923] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.923] CloseHandle (hObject=0x38) returned 1 [0040.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.923] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn.adv")) returned 1 [0040.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.926] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x26af670, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.OUTLOOK.DEV.14.1033.hxn", cAlternateFileName="MSOUTL~2.HXN")) returned 1 [0040.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.926] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.926] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x16a, lpOverlapped=0x0) returned 1 [0040.927] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.927] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x16a, lpOverlapped=0x0) returned 1 [0040.927] CloseHandle (hObject=0x38) returned 1 [0040.927] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1ee8 [0040.927] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn.adv")) returned 1 [0040.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.928] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.POWERPNT.14.1033.hxn", cAlternateFileName="MSPOWE~1.HXN")) returned 1 [0040.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.928] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.929] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x158, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x158, lpOverlapped=0x0) returned 1 [0040.930] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.930] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x158, lpOverlapped=0x0) returned 1 [0040.930] CloseHandle (hObject=0x38) returned 1 [0040.930] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.930] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn.adv")) returned 1 [0040.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.931] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.POWERPNT.DEV.14.1033.hxn", cAlternateFileName="MSPOWE~2.HXN")) returned 1 [0040.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.931] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.932] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x170, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x170, lpOverlapped=0x0) returned 1 [0040.932] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.932] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x170, lpOverlapped=0x0) returned 1 [0040.933] CloseHandle (hObject=0x38) returned 1 [0040.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1ee8 [0040.933] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn.adv")) returned 1 [0040.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.933] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.SETLANG.14.1033.hxn", cAlternateFileName="MSSETL~1.HXN")) returned 1 [0040.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.933] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.934] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.935] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.935] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.935] CloseHandle (hObject=0x38) returned 1 [0040.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.935] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn.adv")) returned 1 [0040.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.935] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x5269fec0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.VISIO.14.1033.hxn", cAlternateFileName="MSVISI~1.HXN")) returned 1 [0040.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.936] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.936] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.937] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.937] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x146, lpOverlapped=0x0) returned 1 [0040.938] CloseHandle (hObject=0x38) returned 1 [0040.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.938] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn.adv")) returned 1 [0040.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0040.938] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.VISIO.DEV.14.1033.hxn", cAlternateFileName="MSVISI~3.HXN")) returned 1 [0040.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.938] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.939] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.940] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.940] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.940] CloseHandle (hObject=0x38) returned 1 [0040.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.940] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn.adv")) returned 1 [0040.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.940] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.VISIO.SHAPESHEET.14.1033.hxn", cAlternateFileName="MSVISI~4.HXN")) returned 1 [0040.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f40 [0040.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.941] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.941] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x188, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x188, lpOverlapped=0x0) returned 1 [0040.942] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.942] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x188, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x188, lpOverlapped=0x0) returned 1 [0040.942] CloseHandle (hObject=0x38) returned 1 [0040.942] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0040.942] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn.adv")) returned 1 [0040.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0040.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0040.943] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.VISIO_PRM.14.1033.hxn", cAlternateFileName="MSE1C9~1.HXN")) returned 1 [0040.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.943] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.943] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.943] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.944] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.944] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.945] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.945] CloseHandle (hObject=0x38) returned 1 [0040.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.945] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn.adv")) returned 1 [0040.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.945] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.VISIO_STD.14.1033.hxn", cAlternateFileName="MSVISI~2.HXN")) returned 1 [0040.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.945] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.945] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.946] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.947] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.947] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x15e, lpOverlapped=0x0) returned 1 [0040.947] CloseHandle (hObject=0x38) returned 1 [0040.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.947] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn.adv")) returned 1 [0040.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.947] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.WINPROJ.14.1033.hxn", cAlternateFileName="MSWINP~1.HXN")) returned 1 [0040.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.947] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.947] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.948] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.949] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.949] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.949] CloseHandle (hObject=0x38) returned 1 [0040.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.949] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn.adv")) returned 1 [0040.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.950] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.WINPROJ.DEV.14.1033.hxn", cAlternateFileName="MSWINP~2.HXN")) returned 1 [0040.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.950] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.950] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.951] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x16a, lpOverlapped=0x0) returned 1 [0040.951] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.951] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x16a, lpOverlapped=0x0) returned 1 [0040.952] CloseHandle (hObject=0x38) returned 1 [0040.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1ee8 [0040.952] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn.adv")) returned 1 [0040.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.952] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.WINWORD.14.1033.hxn", cAlternateFileName="MSWINW~1.HXN")) returned 1 [0040.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.952] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.954] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.955] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.955] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x152, lpOverlapped=0x0) returned 1 [0040.955] CloseHandle (hObject=0x38) returned 1 [0040.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0040.955] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn.adv")) returned 1 [0040.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0040.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.956] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="MS.WINWORD.DEV.14.1033.hxn", cAlternateFileName="MSWINW~2.HXN")) returned 1 [0040.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0040.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.956] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.956] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x16a, lpOverlapped=0x0) returned 1 [0040.957] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0040.957] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x16a, lpOverlapped=0x0) returned 1 [0040.957] CloseHandle (hObject=0x38) returned 1 [0040.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1ee8 [0040.957] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.adv" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn.adv")) returned 1 [0040.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0040.958] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x21dc, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="nslist.hxl", cAlternateFileName="")) returned 1 [0040.958] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0040.958] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0040.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0040.958] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\nslist.hxl" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0040.958] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x21dc, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x21dc, lpOverlapped=0x0) returned 1 [0041.437] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.437] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x21dc, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x21dc, lpOverlapped=0x0) returned 1 [0041.437] CloseHandle (hObject=0x38) returned 1 [0041.437] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0041.438] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft Help\\nslist.hxl" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl"), lpNewFileName="C:\\Users\\All Users\\Microsoft Help\\nslist.hxl.adv" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl.adv")) returned 1 [0041.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0041.438] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0041.438] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x21dc, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="nslist.hxl", cAlternateFileName="")) returned 0 [0041.439] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0041.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0041.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0041.439] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0041.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0041.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0041.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0041.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0041.439] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0041.439] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 1 [0041.439] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="logs", cAlternateFileName="")) returned 1 [0041.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0041.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0041.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f68 [0041.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0041.439] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xaf8556a0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0041.440] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dda4, dwReserved1=0xaf8556a0, cFileName="..", cAlternateFileName="")) returned 1 [0041.440] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0x1d2dda4, dwReserved1=0xaf8556a0, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 1 [0041.440] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0041.440] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1fd0 [0041.440] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0041.440] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8c) returned 0x6e2038 [0041.440] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd0 | out: hHeap=0x6d0000) returned 1 [0041.440] CreateFileW (lpFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0041.441] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa4, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xa4, lpOverlapped=0x0) returned 1 [0041.442] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.442] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xa4, lpOverlapped=0x0) returned 1 [0041.442] CloseHandle (hObject=0x3c) returned 1 [0041.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0041.442] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log"), lpNewFileName="C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.adv" (normalized: "c:\\users\\all users\\mozilla\\logs\\maintenanceservice-install.log.adv")) returned 1 [0041.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0041.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0041.443] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0x1d2dda4, dwReserved1=0xaf8556a0, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 0 [0041.443] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0041.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f68 | out: hHeap=0x6d0000) returned 1 [0041.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0041.443] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="logs", cAlternateFileName="")) returned 0 [0041.443] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0041.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0041.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0041.443] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0041.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0041.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0041.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0041.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0041.443] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0041.443] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 1 [0041.443] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 0 [0041.444] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0041.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0041.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0041.444] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0041.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0041.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed830 [0041.444] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0041.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0041.444] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0041.558] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 1 [0041.560] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cAlternateFileName="42D5BE~1")) returned 1 [0041.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0041.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e1f40 [0041.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0041.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e1fe8 [0041.561] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0041.563] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0041.563] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0041.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2090 [0041.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f08b0 [0041.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0041.563] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e2090 [0041.563] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0041.564] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName="..", cAlternateFileName="")) returned 1 [0041.564] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName="Patch", cAlternateFileName="")) returned 1 [0041.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f09a8 [0041.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0a60 [0041.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09a8 | out: hHeap=0x6d0000) returned 1 [0041.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0041.564] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0041.564] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName="..", cAlternateFileName="")) returned 1 [0041.564] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName="x64", cAlternateFileName="")) returned 1 [0041.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3840 [0041.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3908 [0041.564] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0041.564] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName="..", cAlternateFileName="")) returned 1 [0041.564] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0041.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39d0 [0041.564] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3a98 [0041.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39d0 | out: hHeap=0x6d0000) returned 1 [0041.564] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0041.565] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf7139, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xf7139, lpOverlapped=0x0) returned 1 [0041.581] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.581] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf7139, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xf7139, lpOverlapped=0x0) returned 1 [0041.583] CloseHandle (hObject=0x48) returned 1 [0041.583] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3bc0 [0041.583] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.adv" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.adv")) returned 1 [0041.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bc0 | out: hHeap=0x6d0000) returned 1 [0041.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a98 | out: hHeap=0x6d0000) returned 1 [0041.584] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0041.584] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0041.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3908 | out: hHeap=0x6d0000) returned 1 [0041.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0041.584] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName="x64", cAlternateFileName="")) returned 0 [0041.584] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0041.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0041.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a60 | out: hHeap=0x6d0000) returned 1 [0041.584] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x29272c20, cFileName="Patch", cAlternateFileName="")) returned 0 [0041.584] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0041.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0041.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0041.585] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0041.585] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0041.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe8 | out: hHeap=0x6d0000) returned 1 [0041.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0041.585] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cAlternateFileName="54050A~1")) returned 1 [0041.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0041.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e1f40 [0041.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0041.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e1fe8 [0041.585] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0041.586] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0041.586] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0041.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2090 [0041.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f08b0 [0041.586] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0041.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e2090 [0041.586] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0041.586] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName="..", cAlternateFileName="")) returned 1 [0041.586] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName="Patch", cAlternateFileName="")) returned 1 [0041.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f09a8 [0041.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0a60 [0041.586] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09a8 | out: hHeap=0x6d0000) returned 1 [0041.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0041.586] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0041.587] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName="..", cAlternateFileName="")) returned 1 [0041.587] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName="x64", cAlternateFileName="")) returned 1 [0041.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3840 [0041.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3908 [0041.587] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0041.588] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName="..", cAlternateFileName="")) returned 1 [0041.588] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0041.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39d0 [0041.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3a98 [0041.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39d0 | out: hHeap=0x6d0000) returned 1 [0041.588] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0041.588] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfc93c, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xfc93c, lpOverlapped=0x0) returned 1 [0041.609] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.609] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfc93c, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xfc93c, lpOverlapped=0x0) returned 1 [0041.611] CloseHandle (hObject=0x48) returned 1 [0041.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3bc0 [0041.611] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.adv" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.adv")) returned 1 [0041.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bc0 | out: hHeap=0x6d0000) returned 1 [0041.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a98 | out: hHeap=0x6d0000) returned 1 [0041.612] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0041.612] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0041.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3908 | out: hHeap=0x6d0000) returned 1 [0041.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0041.612] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName="x64", cAlternateFileName="")) returned 0 [0041.612] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0041.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0041.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a60 | out: hHeap=0x6d0000) returned 1 [0041.613] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa989d730, cFileName="Patch", cAlternateFileName="")) returned 0 [0041.613] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0041.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0041.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0041.613] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0041.613] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0041.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe8 | out: hHeap=0x6d0000) returned 1 [0041.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0041.613] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cAlternateFileName="{13A4E~1.210")) returned 1 [0041.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0041.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0041.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0041.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0041.613] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0041.613] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0041.613] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0041.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0041.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0041.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0041.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0041.613] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcb95720, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0041.614] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcb95720, cFileName="..", cAlternateFileName="")) returned 1 [0041.614] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcb95720, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0041.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0041.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0041.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0041.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0041.614] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcb95720, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0041.615] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcb95720, cFileName="..", cAlternateFileName="")) returned 1 [0041.615] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0xf36be, dwReserved0=0x1d2e621, dwReserved1=0xcb95720, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0041.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0041.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0041.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0041.615] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0041.615] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xf36be, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xf36be, lpOverlapped=0x0) returned 1 [0041.626] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.626] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xf36be, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xf36be, lpOverlapped=0x0) returned 1 [0041.628] CloseHandle (hObject=0x44) returned 1 [0041.628] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3cc8 [0041.628] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab.adv")) returned 1 [0041.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0041.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0041.629] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2e621, dwReserved1=0xcb95720, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0041.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0041.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0041.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0041.629] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0041.630] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0041.642] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.642] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0041.643] CloseHandle (hObject=0x44) returned 1 [0041.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e3cc8 [0041.643] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.adv")) returned 1 [0041.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0041.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0041.644] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2e621, dwReserved1=0xcb95720, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0041.644] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0041.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0041.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0041.644] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcb95720, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0041.644] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0041.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0041.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0041.644] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0041.644] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0041.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0041.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0041.644] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1 [0041.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0041.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f40 [0041.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0041.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0041.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0041.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.645] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0041.645] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0041.645] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd314a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf08b3aa0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0041.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0041.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0041.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.645] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0041.646] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28e, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x28e, lpOverlapped=0x0) returned 1 [0041.647] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.647] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x28e, lpOverlapped=0x0) returned 1 [0041.647] CloseHandle (hObject=0x3c) returned 1 [0041.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1fd8 [0041.647] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.adv" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.adv")) returned 1 [0041.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0041.649] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0041.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0041.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0041.649] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.649] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0041.649] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6f428, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x6f428, lpOverlapped=0x0) returned 1 [0041.655] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.655] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6f428, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x6f428, lpOverlapped=0x0) returned 1 [0041.656] CloseHandle (hObject=0x3c) returned 1 [0041.656] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e1fd8 [0041.656] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.adv" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.adv")) returned 1 [0041.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0041.657] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0041.657] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0041.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0041.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0041.657] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1 [0041.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0041.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0041.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0041.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0041.657] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0041.658] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0041.658] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0041.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0041.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0041.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0041.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0041.659] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabe4080, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0041.659] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabe4080, cFileName="..", cAlternateFileName="")) returned 1 [0041.659] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabe4080, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0041.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0041.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0041.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0041.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0041.659] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabe4080, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0041.659] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabe4080, cFileName="..", cAlternateFileName="")) returned 1 [0041.659] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa87bcb00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0xa87bcb00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0xa87bcb00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x588124, dwReserved0=0x1d2e620, dwReserved1=0xfabe4080, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0041.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0041.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0041.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0041.659] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0041.660] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x588124, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x588124, lpOverlapped=0x0) returned 1 [0041.757] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.758] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x588124, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x588124, lpOverlapped=0x0) returned 1 [0041.822] CloseHandle (hObject=0x44) returned 1 [0041.822] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3cc8 [0041.822] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab.adv")) returned 1 [0041.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0041.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0041.823] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x1d2e620, dwReserved1=0xfabe4080, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0041.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0041.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0041.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0041.823] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0041.826] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x25000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x25000, lpOverlapped=0x0) returned 1 [0041.829] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.829] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x25000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x25000, lpOverlapped=0x0) returned 1 [0041.830] CloseHandle (hObject=0x44) returned 1 [0041.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3cc8 [0041.830] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.adv")) returned 1 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0041.831] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x1d2e620, dwReserved1=0xfabe4080, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0041.831] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0041.831] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabe4080, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0041.831] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0041.831] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0041.831] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0041.831] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cAlternateFileName="{3C3AA~1")) returned 1 [0041.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0041.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f40 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0041.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0041.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0041.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.831] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0041.832] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0041.832] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a127460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1c821ca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0041.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0041.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0041.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.832] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0041.833] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x29a, lpOverlapped=0x0) returned 1 [0041.834] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.834] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x29a, lpOverlapped=0x0) returned 1 [0041.834] CloseHandle (hObject=0x3c) returned 1 [0041.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1fd8 [0041.834] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.adv" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.adv")) returned 1 [0041.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0041.835] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0041.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0041.835] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0041.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.835] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0041.836] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x710a8, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x710a8, lpOverlapped=0x0) returned 1 [0041.841] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.841] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x710a8, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x710a8, lpOverlapped=0x0) returned 1 [0041.843] CloseHandle (hObject=0x3c) returned 1 [0041.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e1fd8 [0041.843] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.adv" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.adv")) returned 1 [0041.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0041.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0041.843] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0041.844] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0041.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0041.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0041.844] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cAlternateFileName="{582EA~1.250")) returned 1 [0041.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0041.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0041.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0041.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0041.844] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0041.844] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0041.844] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0041.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0041.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0041.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0041.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0041.844] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0041.845] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="..", cAlternateFileName="")) returned 1 [0041.845] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0041.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0041.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0041.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0041.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0041.845] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0041.845] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="..", cAlternateFileName="")) returned 1 [0041.845] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e8b00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd15e8b00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd15e8b00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x13babb, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0041.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0041.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0041.845] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0041.845] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0041.846] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13babb, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x13babb, lpOverlapped=0x0) returned 1 [0041.867] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.867] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13babb, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x13babb, lpOverlapped=0x0) returned 1 [0041.873] CloseHandle (hObject=0x44) returned 1 [0041.873] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3cc8 [0041.873] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab.adv")) returned 1 [0041.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0041.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0041.874] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0041.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0041.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0041.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0041.874] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0041.875] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x24000, lpOverlapped=0x0) returned 1 [0041.878] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.878] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x24000, lpOverlapped=0x0) returned 1 [0041.878] CloseHandle (hObject=0x44) returned 1 [0041.878] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e3cc8 [0041.878] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.adv")) returned 1 [0041.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0041.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0041.879] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0041.879] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0041.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0041.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0041.879] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0041.879] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0041.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0041.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0041.879] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0041.880] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0041.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0041.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0041.880] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cAlternateFileName="{68306~1.250")) returned 1 [0041.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0041.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0041.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0041.880] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0041.880] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0041.881] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0041.881] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0041.881] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0041.881] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0041.881] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0041.881] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0041.881] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0041.881] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="..", cAlternateFileName="")) returned 1 [0041.881] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0041.881] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0041.881] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0041.881] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0041.881] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0041.881] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0041.882] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="..", cAlternateFileName="")) returned 1 [0041.882] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x4f699e, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0041.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0041.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0041.882] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0041.882] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0041.882] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f699e, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4f699e, lpOverlapped=0x0) returned 1 [0041.966] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.966] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f699e, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4f699e, lpOverlapped=0x0) returned 1 [0042.016] CloseHandle (hObject=0x44) returned 1 [0042.016] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3cc8 [0042.016] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab.adv")) returned 1 [0042.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0042.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0042.017] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0042.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0042.017] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0042.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0042.017] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0042.017] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0042.026] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0042.026] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0042.027] CloseHandle (hObject=0x44) returned 1 [0042.027] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3cc8 [0042.027] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.adv")) returned 1 [0042.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0042.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0042.027] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0042.028] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0042.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0042.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0042.028] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fc27, dwReserved1=0xf94d4300, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0042.028] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0042.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0042.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0042.028] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0042.028] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0042.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0042.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0042.028] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cAlternateFileName="{8D4F7~1.250")) returned 1 [0042.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0042.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0042.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0042.028] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0042.028] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0042.029] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0042.029] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0042.029] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0042.029] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0042.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0042.029] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0042.029] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa931c450, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0042.030] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa931c450, cFileName="..", cAlternateFileName="")) returned 1 [0042.030] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa931c450, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0042.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0042.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0042.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0042.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0042.030] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa931c450, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0042.030] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa931c450, cFileName="..", cAlternateFileName="")) returned 1 [0042.030] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x165257, dwReserved0=0x1d2fab4, dwReserved1=0xa931c450, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0042.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0042.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0042.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0042.030] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0042.031] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x165257, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x165257, lpOverlapped=0x0) returned 1 [0042.053] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0042.053] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x165257, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x165257, lpOverlapped=0x0) returned 1 [0042.058] CloseHandle (hObject=0x44) returned 1 [0042.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3cc8 [0042.058] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab.adv")) returned 1 [0042.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0042.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0042.059] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x1d2fab4, dwReserved1=0xa931c450, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0042.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0042.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0042.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0042.059] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0042.060] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x24000, lpOverlapped=0x0) returned 1 [0042.062] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0042.062] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x24000, lpOverlapped=0x0) returned 1 [0042.063] CloseHandle (hObject=0x44) returned 1 [0042.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3cc8 [0042.063] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.adv")) returned 1 [0042.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0042.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0042.064] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x1d2fab4, dwReserved1=0xa931c450, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0042.064] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0042.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0042.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0042.065] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa931c450, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0042.066] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0042.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0042.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0042.066] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0042.066] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0042.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0042.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0042.066] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1 [0042.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0042.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0042.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0042.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0042.066] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0042.066] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0042.066] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0042.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0042.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0042.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0042.066] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0042.066] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a20bca0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0042.066] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a20bca0, cFileName="..", cAlternateFileName="")) returned 1 [0042.067] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a20bca0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0042.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0042.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0042.067] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0042.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0042.067] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a20bca0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0042.067] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a20bca0, cFileName="..", cAlternateFileName="")) returned 1 [0042.067] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c9b1b00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7c9b1b00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7c9b1b00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x554520, dwReserved0=0x1d2e621, dwReserved1=0x1a20bca0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0042.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0042.067] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0042.067] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0042.067] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0042.068] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x554520, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x554520, lpOverlapped=0x0) returned 1 [0042.160] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0042.160] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x554520, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x554520, lpOverlapped=0x0) returned 1 [0042.281] CloseHandle (hObject=0x44) returned 1 [0042.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3cc8 [0042.282] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab.adv")) returned 1 [0042.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0042.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0042.283] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2e621, dwReserved1=0x1a20bca0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0042.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0042.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0042.283] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0042.283] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0042.283] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0042.347] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0042.347] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0042.347] CloseHandle (hObject=0x44) returned 1 [0042.347] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3cc8 [0042.347] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.adv")) returned 1 [0042.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0042.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0042.348] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2e621, dwReserved1=0x1a20bca0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0042.348] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0042.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0042.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0042.348] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a20bca0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0042.348] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0042.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0042.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0042.348] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0042.348] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0042.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0042.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0042.349] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1 [0042.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0042.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0042.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0042.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0042.349] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0042.349] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0042.349] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0042.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0042.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0042.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0042.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0042.349] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a1e5b40, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0042.349] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a1e5b40, cFileName="..", cAlternateFileName="")) returned 1 [0042.349] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a1e5b40, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0042.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0042.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0042.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0042.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0042.349] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a1e5b40, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0042.350] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a1e5b40, cFileName="..", cAlternateFileName="")) returned 1 [0042.350] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b69ee00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7b69ee00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7b69ee00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0xfc90a, dwReserved0=0x1d2e621, dwReserved1=0x1a1e5b40, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0042.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0042.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0042.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0042.350] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0042.350] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xfc90a, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xfc90a, lpOverlapped=0x0) returned 1 [0042.360] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0042.360] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xfc90a, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xfc90a, lpOverlapped=0x0) returned 1 [0042.363] CloseHandle (hObject=0x44) returned 1 [0042.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3cc8 [0042.363] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab.adv")) returned 1 [0042.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0042.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0042.363] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2e621, dwReserved1=0x1a1e5b40, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0042.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0042.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0042.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0042.364] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0042.364] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0042.367] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0042.367] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0042.367] CloseHandle (hObject=0x44) returned 1 [0042.367] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3cc8 [0042.367] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.adv")) returned 1 [0042.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0042.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0042.368] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2e621, dwReserved1=0x1a1e5b40, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0042.368] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0042.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0042.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0042.368] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0x1a1e5b40, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0042.368] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0042.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0042.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0042.368] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0042.368] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0042.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0042.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0042.368] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1 [0042.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0042.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0042.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0042.368] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0042.368] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0042.369] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0042.369] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0042.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0042.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0042.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0042.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0042.369] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0042.372] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="..", cAlternateFileName="")) returned 1 [0042.372] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0042.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0042.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0042.372] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0042.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0042.372] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0042.373] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="..", cAlternateFileName="")) returned 1 [0042.373] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aae6600, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x8aae6600, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x8aae6600, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x4ea418, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0042.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0042.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0042.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0042.374] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0042.374] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ea418, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4ea418, lpOverlapped=0x0) returned 1 [0042.850] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0042.850] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ea418, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4ea418, lpOverlapped=0x0) returned 1 [0042.980] CloseHandle (hObject=0x44) returned 1 [0042.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3cc8 [0042.980] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab.adv")) returned 1 [0043.042] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0043.042] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0043.042] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0043.042] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0043.042] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0043.042] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0043.042] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.044] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x25000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x25000, lpOverlapped=0x0) returned 1 [0043.047] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.048] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x25000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x25000, lpOverlapped=0x0) returned 1 [0043.048] CloseHandle (hObject=0x44) returned 1 [0043.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3cc8 [0043.048] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.adv")) returned 1 [0043.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0043.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0043.049] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0043.049] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0043.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0043.049] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0043.049] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0043.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0043.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0043.049] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0043.049] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0043.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0043.049] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1 [0043.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0043.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0043.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0043.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0043.050] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.050] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0043.050] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0043.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0043.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0043.050] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0043.050] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0043.051] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="..", cAlternateFileName="")) returned 1 [0043.051] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0043.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0043.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0043.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0043.051] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.052] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="..", cAlternateFileName="")) returned 1 [0043.052] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x884c0c00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x884c0c00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x884c0c00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc89b1, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0043.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0043.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0043.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0043.052] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.052] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc89b1, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xc89b1, lpOverlapped=0x0) returned 1 [0043.062] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.062] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc89b1, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xc89b1, lpOverlapped=0x0) returned 1 [0043.064] CloseHandle (hObject=0x44) returned 1 [0043.064] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3cc8 [0043.064] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab.adv")) returned 1 [0043.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0043.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0043.065] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0043.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0043.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0043.065] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0043.065] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.065] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x25000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x25000, lpOverlapped=0x0) returned 1 [0043.068] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.068] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x25000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x25000, lpOverlapped=0x0) returned 1 [0043.069] CloseHandle (hObject=0x44) returned 1 [0043.069] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6e3cc8 [0043.069] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.adv")) returned 1 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0043.072] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0043.072] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0043.072] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xedbebcc0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0043.072] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0043.072] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0043.072] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0043.072] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1 [0043.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0043.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f40 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0043.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.072] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0043.072] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.072] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.079] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0043.079] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfe3882c0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0043.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0043.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.080] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0043.082] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x28e, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x28e, lpOverlapped=0x0) returned 1 [0043.082] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.082] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x28e, lpOverlapped=0x0) returned 1 [0043.083] CloseHandle (hObject=0x3c) returned 1 [0043.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1fd8 [0043.083] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.adv" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.adv")) returned 1 [0043.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0043.084] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0043.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.084] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0043.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.084] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0043.084] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6f398, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x6f398, lpOverlapped=0x0) returned 1 [0043.091] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.091] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6f398, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x6f398, lpOverlapped=0x0) returned 1 [0043.092] CloseHandle (hObject=0x3c) returned 1 [0043.092] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e1fd8 [0043.092] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.adv" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.adv")) returned 1 [0043.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0043.093] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0043.093] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0043.093] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1 [0043.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0043.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0043.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0043.093] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0043.093] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.095] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0043.095] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0043.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0043.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0043.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0043.095] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabbdf20, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0043.096] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabbdf20, cFileName="..", cAlternateFileName="")) returned 1 [0043.096] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabbdf20, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0043.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0043.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0043.096] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0043.096] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabbdf20, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.096] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabbdf20, cFileName="..", cAlternateFileName="")) returned 1 [0043.096] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x969a2800, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x969a2800, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x969a2800, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc5b25, dwReserved0=0x1d2e620, dwReserved1=0xfabbdf20, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0043.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0043.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0043.096] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0043.096] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.096] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc5b25, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xc5b25, lpOverlapped=0x0) returned 1 [0043.107] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.107] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc5b25, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xc5b25, lpOverlapped=0x0) returned 1 [0043.109] CloseHandle (hObject=0x44) returned 1 [0043.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3cc8 [0043.109] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab.adv")) returned 1 [0043.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0043.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0043.109] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x1d2e620, dwReserved1=0xfabbdf20, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0043.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0043.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0043.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0043.109] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.111] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x25000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x25000, lpOverlapped=0x0) returned 1 [0043.114] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.114] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x25000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x25000, lpOverlapped=0x0) returned 1 [0043.114] CloseHandle (hObject=0x44) returned 1 [0043.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3cc8 [0043.114] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.adv")) returned 1 [0043.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0043.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0043.115] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x1d2e620, dwReserved1=0xfabbdf20, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0043.115] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0043.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0043.115] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0xfabbdf20, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0043.115] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0043.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0043.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0043.115] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0043.115] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0043.116] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0043.116] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cAlternateFileName="{E5127~1.250")) returned 1 [0043.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0043.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0043.116] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0043.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0043.116] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.116] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0043.116] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0043.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0043.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0043.116] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0043.116] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa9368710, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0043.117] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa9368710, cFileName="..", cAlternateFileName="")) returned 1 [0043.117] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa9368710, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0043.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0043.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0043.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0043.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3a60 [0043.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0043.117] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa9368710, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.117] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa9368710, cFileName="..", cAlternateFileName="")) returned 1 [0043.117] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdae7f300, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xdae7f300, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xdae7f300, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x59bde5, dwReserved0=0x1d2fab4, dwReserved1=0xa9368710, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0043.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0043.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3bd0 [0043.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0043.117] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.119] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x59bde5, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x59bde5, lpOverlapped=0x0) returned 1 [0043.266] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.266] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x59bde5, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x59bde5, lpOverlapped=0x0) returned 1 [0043.334] CloseHandle (hObject=0x44) returned 1 [0043.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3d40 [0043.334] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab.adv")) returned 1 [0043.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d40 | out: hHeap=0x6d0000) returned 1 [0043.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bd0 | out: hHeap=0x6d0000) returned 1 [0043.335] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2fab4, dwReserved1=0xa9368710, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0043.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0043.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3bd0 [0043.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0043.335] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.337] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0043.340] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.340] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0043.340] CloseHandle (hObject=0x44) returned 1 [0043.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3d40 [0043.340] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.adv")) returned 1 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d40 | out: hHeap=0x6d0000) returned 1 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bd0 | out: hHeap=0x6d0000) returned 1 [0043.341] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2fab4, dwReserved1=0xa9368710, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0043.341] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0043.341] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2fab4, dwReserved1=0xa9368710, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0043.341] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0043.341] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0043.341] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0043.341] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{e52a6842-b0ac-476e-b48f-378a97a67346}", cAlternateFileName="{E52A6~1")) returned 1 [0043.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0043.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f40 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0043.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.341] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0043.341] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.341] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.342] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0043.342] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xe9f9cff0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0043.342] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.342] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0043.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.342] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0043.342] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x2fe, lpOverlapped=0x0) returned 1 [0043.344] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.344] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x2fe, lpOverlapped=0x0) returned 1 [0043.344] CloseHandle (hObject=0x3c) returned 1 [0043.344] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1fd8 [0043.344] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.adv" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.adv")) returned 1 [0043.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0043.345] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0043.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.345] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0043.345] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.345] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0043.345] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbee38, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xbee38, lpOverlapped=0x0) returned 1 [0043.353] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.354] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbee38, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xbee38, lpOverlapped=0x0) returned 1 [0043.356] CloseHandle (hObject=0x3c) returned 1 [0043.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e1fd8 [0043.356] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.adv" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.adv")) returned 1 [0043.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0043.356] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0043.356] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0043.357] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cAlternateFileName="{E6E75~1")) returned 1 [0043.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0043.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f40 [0043.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0043.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0043.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.357] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.357] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0043.358] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcad7040, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x105e7220, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0043.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.358] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0043.358] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.358] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0043.358] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x29a, lpOverlapped=0x0) returned 1 [0043.359] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.359] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x29a, lpOverlapped=0x0) returned 1 [0043.359] CloseHandle (hObject=0x3c) returned 1 [0043.359] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1fd8 [0043.359] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.adv" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.adv")) returned 1 [0043.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0043.360] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0043.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0043.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.360] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0043.362] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x71080, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x71080, lpOverlapped=0x0) returned 1 [0043.368] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.368] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x71080, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x71080, lpOverlapped=0x0) returned 1 [0043.369] CloseHandle (hObject=0x3c) returned 1 [0043.369] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e1fd8 [0043.369] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.adv" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.adv")) returned 1 [0043.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0043.370] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0043.370] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0043.370] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cAlternateFileName="{F325F~1")) returned 1 [0043.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0043.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f40 [0043.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0043.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f08b0 [0043.370] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.370] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.372] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0043.372] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93efac0, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x6601040, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0043.372] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0043.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.373] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0043.373] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x2fe, lpOverlapped=0x0) returned 1 [0043.374] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.374] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x2fe, lpOverlapped=0x0) returned 1 [0043.374] CloseHandle (hObject=0x3c) returned 1 [0043.374] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1fd8 [0043.375] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.adv" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.adv")) returned 1 [0043.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0043.375] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0043.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1fd8 [0043.375] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0990 [0043.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.375] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0043.376] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbee30, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xbee30, lpOverlapped=0x0) returned 1 [0043.386] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.386] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbee30, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xbee30, lpOverlapped=0x0) returned 1 [0043.388] CloseHandle (hObject=0x3c) returned 1 [0043.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e1fd8 [0043.388] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.adv" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe.adv")) returned 1 [0043.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd8 | out: hHeap=0x6d0000) returned 1 [0043.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0990 | out: hHeap=0x6d0000) returned 1 [0043.389] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0043.389] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0043.389] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 1 [0043.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0043.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f40 [0043.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0043.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1ff8 [0043.389] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.389] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="..", cAlternateFileName="")) returned 1 [0043.389] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 1 [0043.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0043.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6f0968 [0043.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0a78 [0043.389] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcbbb880, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0043.390] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcbbb880, cFileName="..", cAlternateFileName="")) returned 1 [0043.390] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcbbb880, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0043.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0043.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3840 [0043.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3968 [0043.390] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcbbb880, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.390] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcbbb880, cFileName="..", cAlternateFileName="")) returned 1 [0043.390] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532ebf00, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x532ebf00, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x532ebf00, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x4b4520, dwReserved0=0x1d2e621, dwReserved1=0xcbbb880, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0043.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0043.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0043.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0043.390] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.390] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4b4520, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4b4520, lpOverlapped=0x0) returned 1 [0043.477] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.477] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4b4520, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4b4520, lpOverlapped=0x0) returned 1 [0043.533] CloseHandle (hObject=0x44) returned 1 [0043.533] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3cc8 [0043.533] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.adv" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab.adv")) returned 1 [0043.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0043.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0043.534] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x4f9b3800, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2e621, dwReserved1=0xcbbb880, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0043.534] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3a60 [0043.534] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x166) returned 0x6e3b58 [0043.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a60 | out: hHeap=0x6d0000) returned 1 [0043.534] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.534] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x23000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0043.545] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.545] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x23000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x23000, lpOverlapped=0x0) returned 1 [0043.545] CloseHandle (hObject=0x44) returned 1 [0043.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6e3cc8 [0043.546] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), lpNewFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.adv" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.adv")) returned 1 [0043.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0043.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b58 | out: hHeap=0x6d0000) returned 1 [0043.546] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x4f9b3800, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x1d2e621, dwReserved1=0xcbbb880, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0043.546] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3968 | out: hHeap=0x6d0000) returned 1 [0043.546] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3840 | out: hHeap=0x6d0000) returned 1 [0043.546] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e621, dwReserved1=0xcbbb880, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0043.546] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a78 | out: hHeap=0x6d0000) returned 1 [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0968 | out: hHeap=0x6d0000) returned 1 [0043.547] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e620, dwReserved1=0x4819be0, cFileName="packages", cAlternateFileName="")) returned 0 [0043.547] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff8 | out: hHeap=0x6d0000) returned 1 [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0043.547] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 0 [0043.547] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0043.547] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0043.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0043.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0043.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0043.547] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="")) returned 0xffffffff [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0043.547] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Sun", cAlternateFileName="")) returned 1 [0043.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0043.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0043.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0043.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0043.547] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0043.548] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 1 [0043.548] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Java", cAlternateFileName="")) returned 1 [0043.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0043.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1ee0 [0043.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0043.548] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6ed830 [0043.548] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x803771e0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.549] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 1 [0043.549] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x803771e0, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 1 [0043.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f30 [0043.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f78 [0043.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f30 | out: hHeap=0x6d0000) returned 1 [0043.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0043.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0043.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0043.549] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x803771e0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0043.549] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x803771e0, cFileName="..", cAlternateFileName="")) returned 1 [0043.549] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0x1d2e627, dwReserved1=0x803771e0, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 1 [0043.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0043.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0043.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0043.549] CreateFileW (lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0043.550] ReadFile (in: hFile=0x40, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x77, lpNumberOfBytesRead=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ebf4*=0x77, lpOverlapped=0x0) returned 1 [0043.551] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.551] WriteFile (in: hFile=0x40, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x77, lpNumberOfBytesWritten=0x31ebf4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ebf4*=0x77, lpOverlapped=0x0) returned 1 [0043.551] CloseHandle (hObject=0x40) returned 1 [0043.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.551] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), lpNewFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml.adv" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml.adv")) returned 1 [0043.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.551] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0043.551] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0x1d2e627, dwReserved1=0x803771e0, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 0 [0043.551] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f78 | out: hHeap=0x6d0000) returned 1 [0043.552] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2e627, dwReserved1=0x803771e0, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 0 [0043.552] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0043.552] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Java", cAlternateFileName="")) returned 0 [0043.552] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0043.552] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0043.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0043.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0043.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0043.552] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Templates\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x803771e0, cFileName="Java", cAlternateFileName="")) returned 0xffffffff [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0043.552] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0 [0043.552] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67b8 | out: hHeap=0x6d0000) returned 1 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0043.552] FindNextFileW (in: hFindFile=0x6e1e50, lpFindFileData=0x31f5a4 | out: lpFindFileData=0x31f5a4*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x1, cFileName="Default", cAlternateFileName="")) returned 1 [0043.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0450 [0043.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e6780 [0043.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0450 | out: hHeap=0x6d0000) returned 1 [0043.552] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e67b8 [0043.552] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*", lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0043.553] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="..", cAlternateFileName="")) returned 1 [0043.553] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="AppData", cAlternateFileName="")) returned 1 [0043.553] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0043.553] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0043.553] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0043.553] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0043.553] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0043.553] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0043.553] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Local", cAlternateFileName="")) returned 1 [0043.553] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0043.553] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0043.553] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f68 [0043.553] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0043.553] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0043.554] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.554] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0043.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0043.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fd0 [0043.554] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0043.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2038 [0043.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20a0 [0043.554] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0043.554] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Application Data\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x6e6856, ftCreationTime.dwLowDateTime=0x38, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x460046, ftLastAccessTime.dwHighDateTime=0x6e6810, ftLastWriteTime.dwLowDateTime=0x2, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0xfda01e06, dwReserved0=0x1ca0431, dwReserved1=0x66fe9c0, cFileName="?ǒ睊鏤褧Nj䬠ٲ?ǒ", cAlternateFileName="")) returned 0xffffffff [0043.554] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.554] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd0 | out: hHeap=0x6d0000) returned 1 [0043.554] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="History", cAlternateFileName="")) returned 1 [0043.554] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0043.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1fd0 [0043.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0043.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0043.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0043.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0043.555] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\History\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x6e6856, ftCreationTime.dwLowDateTime=0x38, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x460046, ftLastAccessTime.dwHighDateTime=0x6e6810, ftLastWriteTime.dwLowDateTime=0x2, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0xfda01e06, dwReserved0=0x1ca0431, dwReserved1=0x66fe9c0, cFileName="?ǒ睊鏤褧Nj䬠ٲ?ǒ", cAlternateFileName="")) returned 0xffffffff [0043.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0043.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd0 | out: hHeap=0x6d0000) returned 1 [0043.555] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x66b2700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xddd35f67, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xbd7f0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0043.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0043.555] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fd0 [0043.555] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0043.555] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0043.557] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbd7f0, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xbd7f0, lpOverlapped=0x0) returned 1 [0043.565] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.565] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbd7f0, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xbd7f0, lpOverlapped=0x0) returned 1 [0043.567] CloseHandle (hObject=0x3c) returned 1 [0043.567] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2038 [0043.568] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db.adv" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db.adv")) returned 1 [0043.568] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0043.568] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd0 | out: hHeap=0x6d0000) returned 1 [0043.568] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0043.568] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0043.568] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fd0 [0043.568] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0043.568] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2038 [0043.568] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0043.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0043.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0043.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20a0 [0043.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0043.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0043.571] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.571] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.571] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 0 [0043.571] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0043.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.571] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0043.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20a0 [0043.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0043.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f0918 [0043.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.571] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.573] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.573] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff107f92, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0043.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0043.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09b0 [0043.573] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.573] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.574] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x1a00, lpOverlapped=0x0) returned 1 [0043.575] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.575] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1a00, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x1a00, lpOverlapped=0x0) returned 1 [0043.576] CloseHandle (hObject=0x44) returned 1 [0043.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a48 [0043.576] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms.adv")) returned 1 [0043.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a48 | out: hHeap=0x6d0000) returned 1 [0043.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0043.576] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0043.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0043.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f09b0 [0043.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0a48 [0043.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.576] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x9, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.578] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x9, cFileName="..", cAlternateFileName="")) returned 1 [0043.578] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeaa2466, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x9, cFileName="Microsoft at Home~.feed-ms", cAlternateFileName="MICROS~2.FEE")) returned 1 [0043.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.578] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0b10 [0043.578] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.578] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.579] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0043.581] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.581] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0043.581] CloseHandle (hObject=0x48) returned 1 [0043.581] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0043.581] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.adv")) returned 1 [0043.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b10 | out: hHeap=0x6d0000) returned 1 [0043.582] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x9, cFileName="Microsoft at Work~.feed-ms", cAlternateFileName="MICROS~1.FEE")) returned 1 [0043.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0b10 [0043.582] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.582] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.582] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0043.584] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.584] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0043.584] CloseHandle (hObject=0x48) returned 1 [0043.584] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0043.584] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.adv")) returned 1 [0043.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b10 | out: hHeap=0x6d0000) returned 1 [0043.585] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x9, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 1 [0043.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0b10 [0043.585] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.585] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.585] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0043.587] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.587] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7000, lpOverlapped=0x0) returned 1 [0043.587] CloseHandle (hObject=0x48) returned 1 [0043.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0043.588] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.adv")) returned 1 [0043.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0b10 | out: hHeap=0x6d0000) returned 1 [0043.588] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x9, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 0 [0043.588] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a48 | out: hHeap=0x6d0000) returned 1 [0043.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0043.588] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0043.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6f08b0 [0043.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f09b0 [0043.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a68 [0043.588] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3778 [0043.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a68 | out: hHeap=0x6d0000) returned 1 [0043.589] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x9, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.589] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x9, cFileName="..", cAlternateFileName="")) returned 1 [0043.589] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x9, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 1 [0043.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a68 [0043.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3888 [0043.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a68 | out: hHeap=0x6d0000) returned 1 [0043.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0a68 [0043.589] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.589] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.589] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 1 [0043.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3998 [0043.589] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3a70 [0043.589] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3998 | out: hHeap=0x6d0000) returned 1 [0043.589] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0043.590] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x7000, lpOverlapped=0x0) returned 1 [0043.591] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.591] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x7000, lpOverlapped=0x0) returned 1 [0043.592] CloseHandle (hObject=0x4c) returned 1 [0043.592] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3bb0 [0043.592] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.adv")) returned 1 [0043.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bb0 | out: hHeap=0x6d0000) returned 1 [0043.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a70 | out: hHeap=0x6d0000) returned 1 [0043.592] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 0 [0043.592] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a68 | out: hHeap=0x6d0000) returned 1 [0043.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3888 | out: hHeap=0x6d0000) returned 1 [0043.592] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x9, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 0 [0043.593] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09b0 | out: hHeap=0x6d0000) returned 1 [0043.593] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0043.593] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0918 | out: hHeap=0x6d0000) returned 1 [0043.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.593] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0043.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20a0 [0043.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0043.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0043.593] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.595] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.595] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0043.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.595] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.595] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="..", cAlternateFileName="")) returned 1 [0043.595] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.595] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.596] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.596] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.596] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.597] CloseHandle (hObject=0x48) returned 1 [0043.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.597] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.adv")) returned 1 [0043.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.597] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0043.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.597] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.597] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.599] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.599] CloseHandle (hObject=0x48) returned 1 [0043.599] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.599] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1].adv")) returned 1 [0043.600] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.600] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.600] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0043.600] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.600] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.600] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.600] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0043.600] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.600] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.600] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.600] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.600] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.601] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="..", cAlternateFileName="")) returned 1 [0043.601] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.601] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.601] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.601] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.601] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.601] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.602] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.602] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.602] CloseHandle (hObject=0x48) returned 1 [0043.602] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.602] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.adv")) returned 1 [0043.603] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.603] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.603] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0043.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.603] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.603] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.603] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.603] CloseHandle (hObject=0x48) returned 1 [0043.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.603] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1].adv")) returned 1 [0043.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.604] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0043.604] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.604] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0043.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.604] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.604] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.604] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="..", cAlternateFileName="")) returned 1 [0043.605] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.605] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.605] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.606] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.607] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.607] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.607] CloseHandle (hObject=0x48) returned 1 [0043.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.607] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.adv")) returned 1 [0043.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.608] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0043.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.608] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.608] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.608] CloseHandle (hObject=0x48) returned 1 [0043.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.608] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1].adv")) returned 1 [0043.609] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.609] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.609] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x668c5a0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0043.609] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.609] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.609] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.609] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.609] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.609] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.609] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x43, lpOverlapped=0x0) returned 1 [0043.610] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.610] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x43, lpOverlapped=0x0) returned 1 [0043.610] CloseHandle (hObject=0x44) returned 1 [0043.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.611] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini.adv")) returned 1 [0043.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.611] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa9d0d0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="index.dat", cAlternateFileName="")) returned 1 [0043.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.611] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.612] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x8000, lpOverlapped=0x0) returned 1 [0043.614] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.614] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x8000, lpOverlapped=0x0) returned 1 [0043.614] CloseHandle (hObject=0x44) returned 1 [0043.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.614] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat.adv")) returned 1 [0043.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.615] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0043.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.615] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.615] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName="..", cAlternateFileName="")) returned 1 [0043.615] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x29, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.615] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.616] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.617] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.617] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.617] CloseHandle (hObject=0x48) returned 1 [0043.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.617] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.adv")) returned 1 [0043.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.618] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0043.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.618] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.618] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.618] CloseHandle (hObject=0x48) returned 1 [0043.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.618] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1].adv")) returned 1 [0043.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.619] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0043.619] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.619] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0043.619] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0043.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.619] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0043.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20a0 [0043.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0043.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.619] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.619] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.619] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff12e0f2, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0043.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0043.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.620] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.621] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fa9, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2fa9, lpOverlapped=0x0) returned 1 [0043.622] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.622] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fa9, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2fa9, lpOverlapped=0x0) returned 1 [0043.622] CloseHandle (hObject=0x44) returned 1 [0043.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.623] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.adv")) returned 1 [0043.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.623] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0043.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0043.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.623] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.624] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2fa9, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2fa9, lpOverlapped=0x0) returned 1 [0043.625] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.625] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2fa9, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2fa9, lpOverlapped=0x0) returned 1 [0043.626] CloseHandle (hObject=0x44) returned 1 [0043.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.626] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.adv")) returned 1 [0043.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.626] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="brndlog.txt", cAlternateFileName="")) returned 0 [0043.626] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.626] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0043.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20a0 [0043.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0043.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0043.627] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.629] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.629] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8679d27, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0043.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.629] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.630] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x105000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x105000, lpOverlapped=0x0) returned 1 [0043.658] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.658] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x105000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x105000, lpOverlapped=0x0) returned 1 [0043.663] CloseHandle (hObject=0x44) returned 1 [0043.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f09f8 [0043.663] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb.adv")) returned 1 [0043.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.664] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1106c, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0043.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.664] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.664] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.665] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1106c, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x1106c, lpOverlapped=0x0) returned 1 [0043.668] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.668] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1106c, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x1106c, lpOverlapped=0x0) returned 1 [0043.668] CloseHandle (hObject=0x44) returned 1 [0043.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.668] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb.adv")) returned 1 [0043.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.669] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0043.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.669] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x27, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.669] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x27, cFileName="..", cAlternateFileName="")) returned 1 [0043.669] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x27, cFileName="en-US", cAlternateFileName="")) returned 1 [0043.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0043.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0043.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0043.669] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.670] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.670] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="00010C6E", cAlternateFileName="")) returned 1 [0043.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3820 [0043.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3820 | out: hHeap=0x6d0000) returned 1 [0043.670] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0043.672] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.672] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0043.672] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.672] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.672] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x414, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x414, lpOverlapped=0x0) returned 1 [0043.674] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.674] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x414, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x414, lpOverlapped=0x0) returned 1 [0043.674] CloseHandle (hObject=0x50) returned 1 [0043.674] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3c40 [0043.674] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.adv")) returned 1 [0043.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.675] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0043.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.675] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.675] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.675] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.678] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ff, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4ff, lpOverlapped=0x0) returned 1 [0043.680] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.680] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ff, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4ff, lpOverlapped=0x0) returned 1 [0043.680] CloseHandle (hObject=0x50) returned 1 [0043.680] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3c40 [0043.680] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.adv")) returned 1 [0043.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.680] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.680] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0043.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.681] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.681] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.681] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4f3, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4f3, lpOverlapped=0x0) returned 1 [0043.682] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.683] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4f3, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4f3, lpOverlapped=0x0) returned 1 [0043.683] CloseHandle (hObject=0x50) returned 1 [0043.683] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3c40 [0043.683] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.adv")) returned 1 [0043.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.684] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0043.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.684] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.684] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.685] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x504, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x504, lpOverlapped=0x0) returned 1 [0043.686] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.686] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x504, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x504, lpOverlapped=0x0) returned 1 [0043.686] CloseHandle (hObject=0x50) returned 1 [0043.686] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3c40 [0043.686] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.adv")) returned 1 [0043.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.687] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0043.687] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.687] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.687] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.687] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x31d, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x31d, lpOverlapped=0x0) returned 1 [0043.689] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.689] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x31d, lpOverlapped=0x0) returned 1 [0043.689] CloseHandle (hObject=0x50) returned 1 [0043.689] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3c40 [0043.689] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.adv")) returned 1 [0043.690] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.690] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.690] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0043.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.690] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.690] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.690] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x311, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x311, lpOverlapped=0x0) returned 1 [0043.693] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.693] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x311, lpOverlapped=0x0) returned 1 [0043.693] CloseHandle (hObject=0x50) returned 1 [0043.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3c40 [0043.693] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.adv")) returned 1 [0043.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.693] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0043.693] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.694] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.694] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.694] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x410, lpOverlapped=0x0) returned 1 [0043.696] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.696] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x410, lpOverlapped=0x0) returned 1 [0043.696] CloseHandle (hObject=0x50) returned 1 [0043.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3c40 [0043.696] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.adv")) returned 1 [0043.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.698] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0043.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.699] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.699] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3fc, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x3fc, lpOverlapped=0x0) returned 1 [0043.700] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.701] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x3fc, lpOverlapped=0x0) returned 1 [0043.701] CloseHandle (hObject=0x50) returned 1 [0043.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3c40 [0043.701] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.adv")) returned 1 [0043.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.701] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0043.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.701] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.701] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.702] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x401, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x401, lpOverlapped=0x0) returned 1 [0043.704] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.704] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x401, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x401, lpOverlapped=0x0) returned 1 [0043.704] CloseHandle (hObject=0x50) returned 1 [0043.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3c40 [0043.704] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.adv")) returned 1 [0043.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.705] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0043.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.705] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.705] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x427, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x427, lpOverlapped=0x0) returned 1 [0043.707] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.707] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x427, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x427, lpOverlapped=0x0) returned 1 [0043.707] CloseHandle (hObject=0x50) returned 1 [0043.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3c40 [0043.707] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.adv")) returned 1 [0043.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.708] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0043.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.708] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.708] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x249, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x249, lpOverlapped=0x0) returned 1 [0043.710] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.710] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x249, lpOverlapped=0x0) returned 1 [0043.710] CloseHandle (hObject=0x50) returned 1 [0043.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3c40 [0043.710] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.adv")) returned 1 [0043.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b30 | out: hHeap=0x6d0000) returned 1 [0043.711] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0043.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3a78 [0043.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e3b30 [0043.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3a78 | out: hHeap=0x6d0000) returned 1 [0043.711] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.711] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x437, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x437, lpOverlapped=0x0) returned 1 [0043.713] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.713] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x437, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x437, lpOverlapped=0x0) returned 1 [0043.713] CloseHandle (hObject=0x50) returned 1 [0043.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3c40 [0043.713] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.adv")) returned 1 [0043.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c40 | out: hHeap=0x6d0000) returned 1 [0043.713] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 0 [0043.714] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0043.714] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="00010C6E", cAlternateFileName="")) returned 0 [0043.714] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.714] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x27, cFileName="en-US", cAlternateFileName="")) returned 0 [0043.714] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.714] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 0 [0043.714] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.714] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d8860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d1d5e4e, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0043.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20a0 [0043.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0043.714] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d8860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d1d5e4e, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.716] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d8860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d1d5e4e, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.716] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Burn", cAlternateFileName="")) returned 1 [0043.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea900 [0043.716] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.716] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 1 [0043.716] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="Burn", cAlternateFileName="")) returned 1 [0043.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea978 [0043.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.716] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.716] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.716] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.717] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0043.717] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0xae, lpOverlapped=0x0) returned 1 [0043.718] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.718] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0xae, lpOverlapped=0x0) returned 1 [0043.718] CloseHandle (hObject=0x4c) returned 1 [0043.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.718] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini.adv")) returned 1 [0043.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.719] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0043.719] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.719] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="Burn", cAlternateFileName="")) returned 0 [0043.719] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea900 | out: hHeap=0x6d0000) returned 1 [0043.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.719] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xeb4bd20c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Caches", cAlternateFileName="")) returned 1 [0043.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea900 [0043.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea900 | out: hHeap=0x6d0000) returned 1 [0043.719] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xeb4bd20c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.719] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xeb4bd20c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 1 [0043.719] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xeb4bd20c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 0 [0043.719] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.721] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.721] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.721] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Explorer", cAlternateFileName="")) returned 1 [0043.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.721] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.721] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.722] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 1 [0043.722] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4777f11, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xa000, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="ExplorerStartupLog.etl", cAlternateFileName="EXPLOR~2.ETL")) returned 1 [0043.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.722] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.722] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.723] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xa000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xa000, lpOverlapped=0x0) returned 1 [0043.726] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.726] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xa000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xa000, lpOverlapped=0x0) returned 1 [0043.726] CloseHandle (hObject=0x48) returned 1 [0043.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0043.726] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl.adv")) returned 1 [0043.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.727] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xeb8291b2, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="ExplorerStartupLog_RunOnce.etl", cAlternateFileName="EXPLOR~1.ETL")) returned 1 [0043.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.727] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f09f8 [0043.727] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.727] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.727] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0043.730] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.730] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0043.730] CloseHandle (hObject=0x48) returned 1 [0043.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0ac0 [0043.730] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl.adv")) returned 1 [0043.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.731] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="thumbcache_1024.db", cAlternateFileName="TH78CB~1.DB")) returned 1 [0043.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.731] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.731] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.731] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0043.732] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.732] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0043.732] CloseHandle (hObject=0x48) returned 1 [0043.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0043.732] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db.adv")) returned 1 [0043.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.733] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="thumbcache_256.db", cAlternateFileName="TH5A2B~1.DB")) returned 1 [0043.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.733] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.733] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x100000, lpOverlapped=0x0) returned 1 [0043.745] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.745] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x100000, lpOverlapped=0x0) returned 1 [0043.748] CloseHandle (hObject=0x48) returned 1 [0043.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.748] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db.adv")) returned 1 [0043.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.748] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x17dc6ba, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="thumbcache_32.db", cAlternateFileName="THUMBC~4.DB")) returned 1 [0043.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.748] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.748] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.749] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0043.750] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.750] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0043.750] CloseHandle (hObject=0x48) returned 1 [0043.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.750] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db.adv")) returned 1 [0043.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.750] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="thumbcache_96.db", cAlternateFileName="THUMBC~3.DB")) returned 1 [0043.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.751] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.751] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.751] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0043.752] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.752] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0043.752] CloseHandle (hObject=0x48) returned 1 [0043.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.752] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db.adv")) returned 1 [0043.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.753] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x17dc6ba, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xcb8, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="thumbcache_idx.db", cAlternateFileName="THUMBC~2.DB")) returned 1 [0043.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.753] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.753] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.753] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xcb8, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xcb8, lpOverlapped=0x0) returned 1 [0043.755] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.755] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xcb8, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xcb8, lpOverlapped=0x0) returned 1 [0043.755] CloseHandle (hObject=0x48) returned 1 [0043.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.755] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db.adv")) returned 1 [0043.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.756] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.756] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="thumbcache_sr.db", cAlternateFileName="THUMBC~1.DB")) returned 1 [0043.756] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.756] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.756] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.756] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.756] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0043.757] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.757] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0043.757] CloseHandle (hObject=0x48) returned 1 [0043.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.757] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db.adv")) returned 1 [0043.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.758] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x182897a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="thumbcache_sr.db", cAlternateFileName="THUMBC~1.DB")) returned 0 [0043.758] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.758] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="GameExplorer", cAlternateFileName="GAMEEX~1")) returned 1 [0043.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.758] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.758] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 1 [0043.758] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda01e06, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 0 [0043.758] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.758] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="History", cAlternateFileName="")) returned 1 [0043.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.758] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.760] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 1 [0043.760] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.760] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.760] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.760] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.760] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.760] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x91, lpOverlapped=0x0) returned 1 [0043.761] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.762] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x91, lpOverlapped=0x0) returned 1 [0043.762] CloseHandle (hObject=0x48) returned 1 [0043.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.762] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\desktop.ini.adv")) returned 1 [0043.762] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.762] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.762] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e4d86f4, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="History.IE5", cAlternateFileName="")) returned 1 [0043.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.762] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.762] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e4d86f4, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.763] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e4d86f4, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf, cFileName="..", cAlternateFileName="")) returned 1 [0043.763] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0xf, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ac0 [0043.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0043.763] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.763] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0043.763] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x91, lpOverlapped=0x0) returned 1 [0043.764] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.764] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x91, lpOverlapped=0x0) returned 1 [0043.764] CloseHandle (hObject=0x4c) returned 1 [0043.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0043.764] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini.adv")) returned 1 [0043.765] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.765] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.765] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd021fb60, ftLastWriteTime.dwHighDateTime=0x1cb892e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0xf, cFileName="index.dat", cAlternateFileName="")) returned 1 [0043.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ac0 [0043.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0043.765] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.765] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0043.765] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0043.767] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.767] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0043.767] CloseHandle (hObject=0x4c) returned 1 [0043.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0043.767] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat.adv")) returned 1 [0043.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.768] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd021fb60, ftLastWriteTime.dwHighDateTime=0x1cb892e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0xf, cFileName="index.dat", cAlternateFileName="")) returned 0 [0043.768] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.768] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="Low", cAlternateFileName="")) returned 1 [0043.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.768] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0043.768] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.768] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf, cFileName="..", cAlternateFileName="")) returned 1 [0043.768] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf, cFileName="..", cAlternateFileName="")) returned 0 [0043.768] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0043.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.769] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="Low", cAlternateFileName="")) returned 0 [0043.769] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.769] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Ringtones", cAlternateFileName="RINGTO~1")) returned 1 [0043.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.769] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.769] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 1 [0043.769] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 0 [0043.769] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.769] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe7364c0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0043.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.769] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0043.769] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe7364c0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.771] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe7364c0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="..", cAlternateFileName="")) returned 1 [0043.771] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0043.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0043.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0aa0 [0043.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0043.771] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x65f4020, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.773] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x65f4020, cFileName="..", cAlternateFileName="")) returned 1 [0043.773] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x661a180, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x661a180, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e570c75, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1ca0431, dwReserved1=0x65f4020, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3830 [0043.773] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e38e8 [0043.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3830 | out: hHeap=0x6d0000) returned 1 [0043.773] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0043.773] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0043.774] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.774] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x43, lpOverlapped=0x0) returned 1 [0043.774] CloseHandle (hObject=0x4c) returned 1 [0043.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e39f8 [0043.775] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini.adv")) returned 1 [0043.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38e8 | out: hHeap=0x6d0000) returned 1 [0043.775] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e3cd240, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x1ca0431, dwReserved1=0x65f4020, cFileName="index.dat", cAlternateFileName="")) returned 1 [0043.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3830 [0043.775] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e38e8 [0043.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3830 | out: hHeap=0x6d0000) returned 1 [0043.775] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0043.776] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x8000, lpOverlapped=0x0) returned 1 [0043.778] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.778] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x8000, lpOverlapped=0x0) returned 1 [0043.778] CloseHandle (hObject=0x4c) returned 1 [0043.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e39f8 [0043.778] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat.adv")) returned 1 [0043.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38e8 | out: hHeap=0x6d0000) returned 1 [0043.779] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x65f4020, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0043.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3830 [0043.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e38e8 [0043.779] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3830 | out: hHeap=0x6d0000) returned 1 [0043.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39f8 [0043.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3ac0 [0043.779] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.779] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x179, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0043.779] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x179, cFileName="..", cAlternateFileName="")) returned 1 [0043.779] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x179, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39f8 [0043.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3be8 [0043.779] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.779] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.780] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0043.780] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.781] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0043.781] CloseHandle (hObject=0x50) returned 1 [0043.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d10 [0043.781] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini.adv")) returned 1 [0043.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d10 | out: hHeap=0x6d0000) returned 1 [0043.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3be8 | out: hHeap=0x6d0000) returned 1 [0043.781] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x179, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0043.781] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0043.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ac0 | out: hHeap=0x6d0000) returned 1 [0043.781] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38e8 | out: hHeap=0x6d0000) returned 1 [0043.781] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x65f4020, cFileName="PMMR5K9K", cAlternateFileName="")) returned 1 [0043.781] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3830 [0043.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e38e8 [0043.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3830 | out: hHeap=0x6d0000) returned 1 [0043.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39f8 [0043.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3ac0 [0043.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.782] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x179, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0043.782] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x179, cFileName="..", cAlternateFileName="")) returned 1 [0043.782] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x179, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39f8 [0043.782] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3be8 [0043.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.782] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.782] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0043.783] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.783] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0043.783] CloseHandle (hObject=0x50) returned 1 [0043.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d10 [0043.784] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini.adv")) returned 1 [0043.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d10 | out: hHeap=0x6d0000) returned 1 [0043.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3be8 | out: hHeap=0x6d0000) returned 1 [0043.784] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x179, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0043.784] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0043.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ac0 | out: hHeap=0x6d0000) returned 1 [0043.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38e8 | out: hHeap=0x6d0000) returned 1 [0043.784] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x65f4020, cFileName="RIJUQL1C", cAlternateFileName="")) returned 1 [0043.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3830 [0043.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e38e8 [0043.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3830 | out: hHeap=0x6d0000) returned 1 [0043.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39f8 [0043.784] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3ac0 [0043.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.784] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x179, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0043.785] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x179, cFileName="..", cAlternateFileName="")) returned 1 [0043.785] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x179, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39f8 [0043.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3be8 [0043.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.785] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.785] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0043.786] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.786] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0043.786] CloseHandle (hObject=0x50) returned 1 [0043.786] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d10 [0043.786] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini.adv")) returned 1 [0043.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d10 | out: hHeap=0x6d0000) returned 1 [0043.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3be8 | out: hHeap=0x6d0000) returned 1 [0043.787] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x179, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0043.787] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0043.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ac0 | out: hHeap=0x6d0000) returned 1 [0043.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38e8 | out: hHeap=0x6d0000) returned 1 [0043.787] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x65f4020, cFileName="X9OHK109", cAlternateFileName="")) returned 1 [0043.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3830 [0043.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e38e8 [0043.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3830 | out: hHeap=0x6d0000) returned 1 [0043.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39f8 [0043.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3ac0 [0043.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.787] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x179, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0043.787] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x179, cFileName="..", cAlternateFileName="")) returned 1 [0043.788] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x179, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.788] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39f8 [0043.788] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3be8 [0043.788] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0043.788] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0043.788] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0043.789] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.789] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x43, lpOverlapped=0x0) returned 1 [0043.789] CloseHandle (hObject=0x50) returned 1 [0043.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3d10 [0043.789] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini.adv")) returned 1 [0043.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3d10 | out: hHeap=0x6d0000) returned 1 [0043.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3be8 | out: hHeap=0x6d0000) returned 1 [0043.790] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x179, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0043.790] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0043.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ac0 | out: hHeap=0x6d0000) returned 1 [0043.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38e8 | out: hHeap=0x6d0000) returned 1 [0043.790] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x65f4020, cFileName="X9OHK109", cAlternateFileName="")) returned 0 [0043.790] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0043.790] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe710360, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0043.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0aa0 [0043.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.790] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0043.791] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.791] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.792] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x43, lpOverlapped=0x0) returned 1 [0043.792] CloseHandle (hObject=0x48) returned 1 [0043.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0043.792] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini.adv")) returned 1 [0043.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0043.793] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedb45673, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="Low", cAlternateFileName="")) returned 1 [0043.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0043.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0aa0 [0043.793] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedb45673, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cd, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.793] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedb45673, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cd, cFileName="..", cAlternateFileName="")) returned 1 [0043.793] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedb45673, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cd, cFileName="..", cAlternateFileName="")) returned 0 [0043.793] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0043.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.793] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 1 [0043.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f09f8 [0043.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0aa0 [0043.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0043.793] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cd, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.793] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cd, cFileName="..", cAlternateFileName="")) returned 1 [0043.793] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cd, cFileName="..", cAlternateFileName="")) returned 0 [0043.793] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.794] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.794] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa0 | out: hHeap=0x6d0000) returned 1 [0043.794] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x66d8860, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 0 [0043.794] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.794] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.794] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.794] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x579672e0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="UsrClass.dat", cAlternateFileName="")) returned 1 [0043.794] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.794] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.794] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.794] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.794] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x40000, lpOverlapped=0x0) returned 1 [0043.798] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.798] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x40000, lpOverlapped=0x0) returned 1 [0043.799] CloseHandle (hObject=0x44) returned 1 [0043.799] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.799] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.adv")) returned 1 [0043.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.800] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65f4020, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65f4020, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x579672e0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0xb400, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="UsrClass.dat.LOG1", cAlternateFileName="USRCLA~2.LOG")) returned 1 [0043.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.800] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.800] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xb400, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0xb400, lpOverlapped=0x0) returned 1 [0043.802] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.802] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xb400, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0xb400, lpOverlapped=0x0) returned 1 [0043.802] CloseHandle (hObject=0x44) returned 1 [0043.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.803] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1.adv")) returned 1 [0043.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.803] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65cdec0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65cdec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9c5705f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="UsrClass.dat.LOG2", cAlternateFileName="USRCLA~1.LOG")) returned 1 [0043.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.803] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.804] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.804] CloseHandle (hObject=0x44) returned 1 [0043.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.804] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2.adv")) returned 1 [0043.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.805] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x65cdec0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x65cdec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x962222ec, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf", cAlternateFileName="USRCLA~1.BLF")) returned 1 [0043.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0948 [0043.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.805] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.805] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x10000, lpOverlapped=0x0) returned 1 [0043.807] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.807] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x10000, lpOverlapped=0x0) returned 1 [0043.808] CloseHandle (hObject=0x44) returned 1 [0043.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0a30 [0043.808] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf.adv")) returned 1 [0043.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a30 | out: hHeap=0x6d0000) returned 1 [0043.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.808] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6581c00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6581c00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="USRCLA~2.REG")) returned 1 [0043.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0948 [0043.808] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.809] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.809] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x80000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x80000, lpOverlapped=0x0) returned 1 [0043.816] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.816] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x80000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x80000, lpOverlapped=0x0) returned 1 [0043.818] CloseHandle (hObject=0x44) returned 1 [0043.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0a70 [0043.818] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms.adv")) returned 1 [0043.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a70 | out: hHeap=0x6d0000) returned 1 [0043.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.818] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="USRCLA~1.REG")) returned 1 [0043.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0948 [0043.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.818] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.819] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x80000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x80000, lpOverlapped=0x0) returned 1 [0043.826] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.826] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x80000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x80000, lpOverlapped=0x0) returned 1 [0043.827] CloseHandle (hObject=0x44) returned 1 [0043.827] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x130) returned 0x6f0a70 [0043.827] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms.adv")) returned 1 [0043.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a70 | out: hHeap=0x6d0000) returned 1 [0043.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.828] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="WER", cAlternateFileName="")) returned 1 [0043.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea900 [0043.828] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\WER\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1d8, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.828] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1d8, cFileName="..", cAlternateFileName="")) returned 1 [0043.828] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1d8, cFileName="ERC", cAlternateFileName="")) returned 1 [0043.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea978 [0043.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea978 | out: hHeap=0x6d0000) returned 1 [0043.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.828] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\WER\\ERC\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.828] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.828] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 0 [0043.829] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.829] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2810, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1d8, cFileName="ReportArchive", cAlternateFileName="REPORT~1")) returned 1 [0043.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea978 [0043.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea978 | out: hHeap=0x6d0000) returned 1 [0043.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.829] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\WER\\ReportArchive\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2810, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.829] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2810, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.829] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2810, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 0 [0043.829] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.829] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2810, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1d8, cFileName="ReportArchive", cAlternateFileName="REPORT~1")) returned 0 [0043.829] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea900 | out: hHeap=0x6d0000) returned 1 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.829] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="WER", cAlternateFileName="")) returned 0 [0043.829] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0043.829] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd774d0cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0043.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20a0 [0043.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0043.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.829] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0043.829] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd774d0cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0043.834] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd774d0cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.834] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x5e4, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cAlternateFileName="ACCOUN~3.OEA")) returned 1 [0043.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0948 [0043.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.834] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.834] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5e4, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x5e4, lpOverlapped=0x0) returned 1 [0043.839] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.839] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5e4, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x5e4, lpOverlapped=0x0) returned 1 [0043.839] CloseHandle (hObject=0x44) returned 1 [0043.839] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0a30 [0043.839] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.adv")) returned 1 [0043.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a30 | out: hHeap=0x6d0000) returned 1 [0043.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.840] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf657b4d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2a0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cAlternateFileName="ACCOUN~2.OEA")) returned 1 [0043.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.840] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0948 [0043.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.840] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.840] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2a0, lpOverlapped=0x0) returned 1 [0043.842] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.842] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2a0, lpOverlapped=0x0) returned 1 [0043.842] CloseHandle (hObject=0x44) returned 1 [0043.842] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0a30 [0043.842] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.adv")) returned 1 [0043.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a30 | out: hHeap=0x6d0000) returned 1 [0043.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.843] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67b6975, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x6c8, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cAlternateFileName="ACCOUN~1.OEA")) returned 1 [0043.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0948 [0043.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.843] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.843] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x6c8, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x6c8, lpOverlapped=0x0) returned 1 [0043.845] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.845] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x6c8, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x6c8, lpOverlapped=0x0) returned 1 [0043.845] CloseHandle (hObject=0x44) returned 1 [0043.845] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0a30 [0043.845] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.adv")) returned 1 [0043.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a30 | out: hHeap=0x6d0000) returned 1 [0043.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.846] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf303882f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Backup", cAlternateFileName="")) returned 1 [0043.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0043.846] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf303882f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1e0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0043.846] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf303882f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1e0, cFileName="..", cAlternateFileName="")) returned 1 [0043.846] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1e0, cFileName="new", cAlternateFileName="")) returned 1 [0043.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0043.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f09f8 [0043.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0043.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.846] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0043.848] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0043.848] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x650f7e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f2de8d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0043.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ac0 [0043.848] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0043.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.848] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0043.848] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x200000, lpOverlapped=0x0) returned 1 [0043.877] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.877] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x200000, lpOverlapped=0x0) returned 1 [0043.885] CloseHandle (hObject=0x4c) returned 1 [0043.885] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0043.885] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log.adv")) returned 1 [0043.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.886] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2ab7545, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x206000, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0043.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ac0 [0043.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0043.886] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.886] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0043.886] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x206000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x206000, lpOverlapped=0x0) returned 1 [0043.925] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.925] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x206000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x206000, lpOverlapped=0x0) returned 1 [0043.951] CloseHandle (hObject=0x4c) returned 1 [0043.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0ac0 [0043.951] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore.adv")) returned 1 [0043.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.952] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0043.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0ac0 [0043.952] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0043.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.952] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0043.952] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0043.955] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.955] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x4000, lpOverlapped=0x0) returned 1 [0043.955] CloseHandle (hObject=0x4c) returned 1 [0043.955] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0ac0 [0043.955] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat.adv")) returned 1 [0043.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0043.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0043.956] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0043.956] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0043.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0043.956] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1e0, cFileName="new", cAlternateFileName="")) returned 0 [0043.956] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0043.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0043.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.956] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7bc3a13, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0043.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.956] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.957] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.957] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x2000, lpOverlapped=0x0) returned 1 [0043.958] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0043.958] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x2000, lpOverlapped=0x0) returned 1 [0043.959] CloseHandle (hObject=0x44) returned 1 [0043.959] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0043.959] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk.adv")) returned 1 [0043.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0043.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0043.959] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7bc3a13, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="edb.log", cAlternateFileName="")) returned 1 [0043.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0043.960] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0043.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0043.960] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0043.960] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0044.004] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.004] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0044.012] CloseHandle (hObject=0x44) returned 1 [0044.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0044.013] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log.adv")) returned 1 [0044.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.015] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b29966, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0044.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.015] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0044.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.015] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0044.015] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0044.047] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.047] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0044.054] CloseHandle (hObject=0x44) returned 1 [0044.054] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0044.054] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log.adv")) returned 1 [0044.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.055] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2027392, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="edbres00001.jrs", cAlternateFileName="EDBRES~2.JRS")) returned 1 [0044.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0044.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.055] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0044.056] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0044.086] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.086] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0044.094] CloseHandle (hObject=0x44) returned 1 [0044.094] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0044.094] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs.adv")) returned 1 [0044.094] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.094] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.094] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2216575, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="edbres00002.jrs", cAlternateFileName="EDBRES~1.JRS")) returned 1 [0044.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.095] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0044.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.095] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0044.095] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x200000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0044.129] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.129] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x200000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x200000, lpOverlapped=0x0) returned 1 [0044.137] CloseHandle (hObject=0x44) returned 1 [0044.137] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0044.137] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs.adv")) returned 1 [0044.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.140] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.140] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="oeold.xml", cAlternateFileName="")) returned 1 [0044.140] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.140] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0044.140] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.140] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0044.140] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x104, lpOverlapped=0x0) returned 1 [0044.141] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.141] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x104, lpOverlapped=0x0) returned 1 [0044.141] CloseHandle (hObject=0x44) returned 1 [0044.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0044.141] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml.adv")) returned 1 [0044.142] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.142] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.142] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0044.142] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.142] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0044.142] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.142] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0044.142] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.146] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x29, cFileName="..", cAlternateFileName="")) returned 1 [0044.146] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xcdfff30e, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x29, cFileName="Bears.htm", cAlternateFileName="")) returned 1 [0044.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.146] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.146] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.147] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xff, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xff, lpOverlapped=0x0) returned 1 [0044.148] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.148] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xff, lpOverlapped=0x0) returned 1 [0044.148] CloseHandle (hObject=0x48) returned 1 [0044.148] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0044.148] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm.adv")) returned 1 [0044.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.149] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa352261, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x29, cFileName="Bears.jpg", cAlternateFileName="")) returned 1 [0044.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.149] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.149] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.149] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x432, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x432, lpOverlapped=0x0) returned 1 [0044.151] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.151] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x432, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x432, lpOverlapped=0x0) returned 1 [0044.151] CloseHandle (hObject=0x48) returned 1 [0044.151] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0044.151] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.adv")) returned 1 [0044.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.151] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7bf1d2d9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x285, dwReserved0=0x0, dwReserved1=0x29, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0044.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.152] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.152] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.152] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x285, lpOverlapped=0x0) returned 1 [0044.153] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.153] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x285, lpOverlapped=0x0) returned 1 [0044.153] CloseHandle (hObject=0x48) returned 1 [0044.153] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.153] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini.adv")) returned 1 [0044.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.156] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x650f7e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce04b5c8, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe7, dwReserved0=0x0, dwReserved1=0x29, cFileName="Garden.htm", cAlternateFileName="")) returned 1 [0044.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.156] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.156] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe7, lpOverlapped=0x0) returned 1 [0044.157] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.157] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe7, lpOverlapped=0x0) returned 1 [0044.157] CloseHandle (hObject=0x48) returned 1 [0044.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0044.158] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm.adv")) returned 1 [0044.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.158] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa410937, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x5d3f, dwReserved0=0x0, dwReserved1=0x29, cFileName="Garden.jpg", cAlternateFileName="")) returned 1 [0044.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.158] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.159] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5d3f, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x5d3f, lpOverlapped=0x0) returned 1 [0044.160] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.160] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5d3f, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x5d3f, lpOverlapped=0x0) returned 1 [0044.161] CloseHandle (hObject=0x48) returned 1 [0044.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0044.161] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.adv")) returned 1 [0044.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.161] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce071725, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x29, cFileName="Green Bubbles.htm", cAlternateFileName="GREENB~1.HTM")) returned 1 [0044.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.161] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.162] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.162] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0044.163] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.163] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0044.164] CloseHandle (hObject=0x48) returned 1 [0044.164] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.164] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm.adv")) returned 1 [0044.164] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.164] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.164] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa436a95, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1906, dwReserved0=0x0, dwReserved1=0x29, cFileName="GreenBubbles.jpg", cAlternateFileName="GREENB~1.JPG")) returned 1 [0044.164] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.164] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.164] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.164] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.165] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1906, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1906, lpOverlapped=0x0) returned 1 [0044.168] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.168] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1906, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1906, lpOverlapped=0x0) returned 1 [0044.169] CloseHandle (hObject=0x48) returned 1 [0044.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.169] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.adv")) returned 1 [0044.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.169] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0bd9df, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x29, cFileName="Hand Prints.htm", cAlternateFileName="HANDPR~1.HTM")) returned 1 [0044.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.169] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.170] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xeb, lpOverlapped=0x0) returned 1 [0044.171] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.171] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xeb, lpOverlapped=0x0) returned 1 [0044.171] CloseHandle (hObject=0x48) returned 1 [0044.171] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.171] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm.adv")) returned 1 [0044.171] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.172] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa45cbf3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x107e, dwReserved0=0x0, dwReserved1=0x29, cFileName="HandPrints.jpg", cAlternateFileName="HANDPR~1.JPG")) returned 1 [0044.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.172] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.172] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.172] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x107e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x107e, lpOverlapped=0x0) returned 1 [0044.174] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.174] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x107e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x107e, lpOverlapped=0x0) returned 1 [0044.174] CloseHandle (hObject=0x48) returned 1 [0044.174] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.174] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.adv")) returned 1 [0044.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.174] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0e3b3c, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x29, cFileName="Orange Circles.htm", cAlternateFileName="ORANGE~1.HTM")) returned 1 [0044.174] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.175] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.175] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0044.176] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.176] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0044.176] CloseHandle (hObject=0x48) returned 1 [0044.176] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.176] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm.adv")) returned 1 [0044.177] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.177] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.177] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa4cf00d, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x29, cFileName="OrangeCircles.jpg", cAlternateFileName="ORANGE~1.JPG")) returned 1 [0044.177] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.177] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.177] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.177] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18ed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18ed, lpOverlapped=0x0) returned 1 [0044.179] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.179] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18ed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18ed, lpOverlapped=0x0) returned 1 [0044.179] CloseHandle (hObject=0x48) returned 1 [0044.179] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.adv")) returned 1 [0044.180] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.180] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.180] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce109c99, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x29, cFileName="Peacock.htm", cAlternateFileName="")) returned 1 [0044.180] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.180] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.180] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.180] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.180] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe8, lpOverlapped=0x0) returned 1 [0044.181] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.181] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe8, lpOverlapped=0x0) returned 1 [0044.181] CloseHandle (hObject=0x48) returned 1 [0044.181] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.181] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm.adv")) returned 1 [0044.196] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.196] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.196] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa51b2c9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x13fb, dwReserved0=0x0, dwReserved1=0x29, cFileName="Peacock.jpg", cAlternateFileName="")) returned 1 [0044.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.196] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.196] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.196] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.196] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13fb, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x13fb, lpOverlapped=0x0) returned 1 [0044.199] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.199] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13fb, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x13fb, lpOverlapped=0x0) returned 1 [0044.200] CloseHandle (hObject=0x48) returned 1 [0044.200] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.200] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.adv")) returned 1 [0044.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.201] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.201] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce12fdf6, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x29, cFileName="Roses.htm", cAlternateFileName="")) returned 1 [0044.201] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.201] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.201] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.201] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.201] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe9, lpOverlapped=0x0) returned 1 [0044.202] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.202] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe9, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe9, lpOverlapped=0x0) returned 1 [0044.202] CloseHandle (hObject=0x48) returned 1 [0044.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0044.202] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm.adv")) returned 1 [0044.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.203] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa567585, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x780, dwReserved0=0x0, dwReserved1=0x29, cFileName="Roses.jpg", cAlternateFileName="")) returned 1 [0044.203] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.203] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.203] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.203] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x780, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x780, lpOverlapped=0x0) returned 1 [0044.205] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.205] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x780, lpOverlapped=0x0) returned 1 [0044.205] CloseHandle (hObject=0x48) returned 1 [0044.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0044.205] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.adv")) returned 1 [0044.206] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.206] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.206] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce17c0b0, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x29, cFileName="Shades of Blue.htm", cAlternateFileName="SHADES~1.HTM")) returned 1 [0044.206] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.206] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.206] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.206] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.206] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0044.207] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.207] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xed, lpOverlapped=0x0) returned 1 [0044.207] CloseHandle (hObject=0x48) returned 1 [0044.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.208] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm.adv")) returned 1 [0044.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.208] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa58d6e3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x127e, dwReserved0=0x0, dwReserved1=0x29, cFileName="ShadesOfBlue.jpg", cAlternateFileName="SHADES~1.JPG")) returned 1 [0044.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.208] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.209] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x127e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x127e, lpOverlapped=0x0) returned 1 [0044.214] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.214] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x127e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x127e, lpOverlapped=0x0) returned 1 [0044.214] CloseHandle (hObject=0x48) returned 1 [0044.214] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.214] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.adv")) returned 1 [0044.214] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.214] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.214] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1a220d, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x29, cFileName="Soft Blue.htm", cAlternateFileName="SOFTBL~1.HTM")) returned 1 [0044.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.215] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.215] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.215] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe8, lpOverlapped=0x0) returned 1 [0044.216] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.216] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe8, lpOverlapped=0x0) returned 1 [0044.216] CloseHandle (hObject=0x48) returned 1 [0044.216] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.216] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm.adv")) returned 1 [0044.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.217] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5b3841, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x2949, dwReserved0=0x0, dwReserved1=0x29, cFileName="SoftBlue.jpg", cAlternateFileName="")) returned 1 [0044.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.217] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.217] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.217] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2949, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x2949, lpOverlapped=0x0) returned 1 [0044.220] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.220] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2949, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x2949, lpOverlapped=0x0) returned 1 [0044.220] CloseHandle (hObject=0x48) returned 1 [0044.220] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.220] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.adv")) returned 1 [0044.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.221] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.221] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1c836a, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x29, cFileName="Stars.htm", cAlternateFileName="")) returned 1 [0044.221] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.221] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.221] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.221] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.221] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe6, lpOverlapped=0x0) returned 1 [0044.223] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.223] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe6, lpOverlapped=0x0) returned 1 [0044.223] CloseHandle (hObject=0x48) returned 1 [0044.223] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0044.223] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm.adv")) returned 1 [0044.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.224] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x29, cFileName="Stars.jpg", cAlternateFileName="")) returned 1 [0044.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0a90 [0044.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.224] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.224] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d51, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d51, lpOverlapped=0x0) returned 1 [0044.226] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.226] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d51, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d51, lpOverlapped=0x0) returned 1 [0044.226] CloseHandle (hObject=0x48) returned 1 [0044.226] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0044.226] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.adv")) returned 1 [0044.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.226] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x29, cFileName="Stars.jpg", cAlternateFileName="")) returned 0 [0044.226] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.227] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7b05332, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0044.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0948 [0044.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.227] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0044.227] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x204000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x204000, lpOverlapped=0x0) returned 1 [0044.301] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.301] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x204000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x204000, lpOverlapped=0x0) returned 1 [0044.327] CloseHandle (hObject=0x44) returned 1 [0044.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a00 [0044.328] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore.adv")) returned 1 [0044.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a00 | out: hHeap=0x6d0000) returned 1 [0044.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.329] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2e234eb, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0044.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0044.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.329] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0044.329] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x4000, lpOverlapped=0x0) returned 1 [0044.788] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.788] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x4000, lpOverlapped=0x0) returned 1 [0044.789] CloseHandle (hObject=0x44) returned 1 [0044.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0044.789] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat.adv")) returned 1 [0044.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.790] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2e234eb, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0044.790] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0044.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.790] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0044.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20a0 [0044.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0044.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0044.790] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f0948 [0044.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0044.790] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.791] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.791] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="12.0", cAlternateFileName="")) returned 1 [0044.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0044.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f09f8 [0044.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0044.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.791] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.791] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.791] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1f2, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="WMSDKNS.DTD", cAlternateFileName="")) returned 1 [0044.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0aa8 [0044.791] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.791] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.792] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f2, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1f2, lpOverlapped=0x0) returned 1 [0044.793] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.793] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f2, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1f2, lpOverlapped=0x0) returned 1 [0044.793] CloseHandle (hObject=0x48) returned 1 [0044.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0044.793] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd.adv")) returned 1 [0044.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0044.793] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 1 [0044.794] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.794] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0aa8 [0044.794] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.794] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.794] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x27cf, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x27cf, lpOverlapped=0x0) returned 1 [0044.795] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.795] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x27cf, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x27cf, lpOverlapped=0x0) returned 1 [0044.795] CloseHandle (hObject=0x48) returned 1 [0044.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0044.795] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.adv")) returned 1 [0044.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0044.796] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 0 [0044.796] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.796] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="12.0", cAlternateFileName="")) returned 0 [0044.796] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.796] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0044.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e20a0 [0044.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6f08b0 [0044.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.796] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.797] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.797] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Gadgets", cAlternateFileName="")) returned 1 [0044.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0044.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e20a0 [0044.797] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6451100, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.797] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6451100, cFileName="..", cAlternateFileName="")) returned 1 [0044.797] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6451100, cFileName="..", cAlternateFileName="")) returned 0 [0044.797] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.797] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0044.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.797] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0948 [0044.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.797] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0044.797] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x54, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x54, lpOverlapped=0x0) returned 1 [0044.798] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.798] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x54, lpOverlapped=0x0) returned 1 [0044.798] CloseHandle (hObject=0x44) returned 1 [0044.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e20a0 [0044.798] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.adv" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.adv")) returned 1 [0044.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20a0 | out: hHeap=0x6d0000) returned 1 [0044.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0948 | out: hHeap=0x6d0000) returned 1 [0044.799] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Settings.ini", cAlternateFileName="")) returned 0 [0044.799] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.799] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0044.799] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0044.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0044.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd0 | out: hHeap=0x6d0000) returned 1 [0044.799] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Temp", cAlternateFileName="")) returned 1 [0044.799] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0044.799] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1fd0 [0044.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0044.799] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2038 [0044.799] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Temp\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0044.800] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0044.800] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 1 [0044.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e2090 [0044.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2090 | out: hHeap=0x6d0000) returned 1 [0044.800] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40 [0044.800] SetFilePointer (in: hFile=0x40, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.800] CloseHandle (hObject=0x40) returned 1 [0044.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.800] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt.adv" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt.adv")) returned 1 [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.801] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 0 [0044.801] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2038 | out: hHeap=0x6d0000) returned 1 [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd0 | out: hHeap=0x6d0000) returned 1 [0044.801] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0044.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1f20 [0044.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0044.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6e1fd0 [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.801] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="")) returned 0xffffffff [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fd0 | out: hHeap=0x6d0000) returned 1 [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0044.801] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0 [0044.801] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f68 | out: hHeap=0x6d0000) returned 1 [0044.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0044.801] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0044.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0044.802] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0044.802] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.802] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0044.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0044.802] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0044.802] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.802] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="CryptnetUrlCache", cAlternateFileName="CRYPTN~1")) returned 1 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0044.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.802] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.802] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.802] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="Content", cAlternateFileName="")) returned 1 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0044.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0978 [0044.803] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.803] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.803] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x228, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0044.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0044.803] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0aa8 [0044.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0044.803] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.803] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x228, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x228, lpOverlapped=0x0) returned 1 [0044.804] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.804] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x228, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x228, lpOverlapped=0x0) returned 1 [0044.804] CloseHandle (hObject=0x48) returned 1 [0044.804] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3778 [0044.804] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.adv" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.adv")) returned 1 [0044.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0044.805] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0044.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0044.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0aa8 [0044.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0044.805] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.805] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.805] CloseHandle (hObject=0x48) returned 1 [0044.805] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3778 [0044.806] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.adv" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.adv")) returned 1 [0044.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0044.806] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 0 [0044.806] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0044.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.806] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="MetaData", cAlternateFileName="")) returned 1 [0044.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0044.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0978 [0044.806] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.807] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.807] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0044.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0044.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0aa8 [0044.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0044.807] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.807] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x104, lpOverlapped=0x0) returned 1 [0044.808] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.808] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x104, lpOverlapped=0x0) returned 1 [0044.808] CloseHandle (hObject=0x48) returned 1 [0044.808] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3778 [0044.808] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.adv" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.adv")) returned 1 [0044.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0044.809] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0044.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0044.809] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0aa8 [0044.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0044.809] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.809] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x130, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x130, lpOverlapped=0x0) returned 1 [0044.810] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.810] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x130, lpOverlapped=0x0) returned 1 [0044.810] CloseHandle (hObject=0x48) returned 1 [0044.810] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3778 [0044.811] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.adv" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.adv")) returned 1 [0044.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0044.811] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 0 [0044.811] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0044.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.811] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="MetaData", cAlternateFileName="")) returned 0 [0044.811] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0044.811] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="CryptnetUrlCache", cAlternateFileName="CRYPTN~1")) returned 0 [0044.811] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0044.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0044.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0044.812] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0044.812] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0044.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0044.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0044.812] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0044.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0044.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0044.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0044.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0044.812] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0044.812] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.812] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0044.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0044.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0044.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0044.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0044.812] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0044.812] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.812] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0044.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0044.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f08b0 [0044.812] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0044.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e2048 [0044.812] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.813] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.813] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 0 [0044.813] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0044.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.813] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0044.813] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0044.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0044.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0044.813] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0044.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0044.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0044.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0044.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fe0 [0044.813] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed988 [0044.815] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.815] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0044.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0044.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0044.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0044.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0044.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.816] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0044.816] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.816] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.816] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 0 [0044.816] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.816] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.816] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0044.816] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Crypto", cAlternateFileName="")) returned 1 [0044.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0044.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0044.816] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0044.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0044.816] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.816] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.816] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="RSA", cAlternateFileName="")) returned 1 [0044.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea900 [0044.816] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.816] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.817] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 0 [0044.817] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea900 | out: hHeap=0x6d0000) returned 1 [0044.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.817] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="RSA", cAlternateFileName="")) returned 0 [0044.817] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0044.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0044.817] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0044.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0044.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0044.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0044.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.817] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.817] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.817] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0044.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0044.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0978 [0044.817] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfda27f60, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.819] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfda27f60, cFileName="..", cAlternateFileName="")) returned 1 [0044.819] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7de4960a, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e1692f0, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x92, dwReserved0=0x1ca0431, dwReserved1=0xfda27f60, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0044.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a20 [0044.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0ac8 [0044.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0044.819] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.819] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x92, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x92, lpOverlapped=0x0) returned 1 [0044.820] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.820] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x92, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x92, lpOverlapped=0x0) returned 1 [0044.820] CloseHandle (hObject=0x48) returned 1 [0044.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0044.820] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.adv")) returned 1 [0044.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac8 | out: hHeap=0x6d0000) returned 1 [0044.821] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de234aa, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x1ca0431, dwReserved1=0xfda27f60, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0044.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a20 [0044.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0ac8 [0044.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0044.821] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.821] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x122, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x122, lpOverlapped=0x0) returned 1 [0044.822] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.823] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x122, lpOverlapped=0x0) returned 1 [0044.823] CloseHandle (hObject=0x48) returned 1 [0044.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3778 [0044.823] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.adv")) returned 1 [0044.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac8 | out: hHeap=0x6d0000) returned 1 [0044.823] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0xfda27f60, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0044.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a20 [0044.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0ac8 [0044.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0044.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3778 [0044.823] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cc, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.824] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cc, cFileName="..", cAlternateFileName="")) returned 1 [0044.824] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cc, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0044.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3830 [0044.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e38e8 [0044.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3830 | out: hHeap=0x6d0000) returned 1 [0044.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e39f8 [0044.824] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0044.824] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.824] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 0 [0044.824] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0044.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0044.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38e8 | out: hHeap=0x6d0000) returned 1 [0044.824] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cc, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0044.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3830 [0044.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e38e8 [0044.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3830 | out: hHeap=0x6d0000) returned 1 [0044.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e39f8 [0044.824] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0044.826] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.826] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xd3, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0044.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ac0 [0044.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3b88 [0044.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ac0 | out: hHeap=0x6d0000) returned 1 [0044.826] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0044.826] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd3, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xd3, lpOverlapped=0x0) returned 1 [0044.827] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.827] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd3, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xd3, lpOverlapped=0x0) returned 1 [0044.828] CloseHandle (hObject=0x50) returned 1 [0044.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3cb0 [0044.828] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.adv")) returned 1 [0044.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cb0 | out: hHeap=0x6d0000) returned 1 [0044.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b88 | out: hHeap=0x6d0000) returned 1 [0044.828] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0044.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ac0 [0044.828] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3b88 [0044.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ac0 | out: hHeap=0x6d0000) returned 1 [0044.828] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0044.829] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5a9, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x5a9, lpOverlapped=0x0) returned 1 [0044.830] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.830] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5a9, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x5a9, lpOverlapped=0x0) returned 1 [0044.830] CloseHandle (hObject=0x50) returned 1 [0044.830] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3cb0 [0044.830] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.adv")) returned 1 [0044.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cb0 | out: hHeap=0x6d0000) returned 1 [0044.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b88 | out: hHeap=0x6d0000) returned 1 [0044.831] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0044.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ac0 [0044.831] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3b88 [0044.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ac0 | out: hHeap=0x6d0000) returned 1 [0044.831] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0044.831] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4cc, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0044.833] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.833] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4cc, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0044.833] CloseHandle (hObject=0x50) returned 1 [0044.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3cb0 [0044.833] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.adv")) returned 1 [0044.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cb0 | out: hHeap=0x6d0000) returned 1 [0044.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b88 | out: hHeap=0x6d0000) returned 1 [0044.833] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0044.833] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ac0 [0044.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3b88 [0044.834] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ac0 | out: hHeap=0x6d0000) returned 1 [0044.834] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0044.834] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x60b, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x60b, lpOverlapped=0x0) returned 1 [0044.851] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.851] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x60b, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x60b, lpOverlapped=0x0) returned 1 [0044.851] CloseHandle (hObject=0x50) returned 1 [0044.851] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3cb0 [0044.851] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.adv")) returned 1 [0044.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cb0 | out: hHeap=0x6d0000) returned 1 [0044.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b88 | out: hHeap=0x6d0000) returned 1 [0044.852] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x1d2dd9c, dwReserved1=0x6320600, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0044.852] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0044.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0044.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e38e8 | out: hHeap=0x6d0000) returned 1 [0044.852] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1cc, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0044.852] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0044.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac8 | out: hHeap=0x6d0000) returned 1 [0044.852] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de6f76b, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x1ca0431, dwReserved1=0xfda27f60, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0044.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a20 [0044.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0ac8 [0044.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a20 | out: hHeap=0x6d0000) returned 1 [0044.852] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.853] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x110, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x110, lpOverlapped=0x0) returned 1 [0044.854] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.854] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x110, lpOverlapped=0x0) returned 1 [0044.854] CloseHandle (hObject=0x48) returned 1 [0044.854] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3778 [0044.854] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.adv")) returned 1 [0044.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac8 | out: hHeap=0x6d0000) returned 1 [0044.857] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de6f76b, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x1ca0431, dwReserved1=0xfda27f60, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0044.857] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0044.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.857] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 0 [0044.857] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0044.857] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Protect", cAlternateFileName="")) returned 1 [0044.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0044.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0044.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0044.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0044.857] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.858] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.858] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0044.858] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.858] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.858] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.858] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44 [0044.858] ReadFile (in: hFile=0x44, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e8e8*=0x18, lpOverlapped=0x0) returned 1 [0044.859] SetFilePointer (in: hFile=0x44, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.859] WriteFile (in: hFile=0x44, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e8e8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e8e8*=0x18, lpOverlapped=0x0) returned 1 [0044.859] CloseHandle (hObject=0x44) returned 1 [0044.859] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.859] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist.adv")) returned 1 [0044.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.860] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0044.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f08b0 [0044.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.860] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0988 [0044.860] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3d, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.861] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3d, cFileName="..", cAlternateFileName="")) returned 1 [0044.861] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x3d, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0044.861] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0a60 [0044.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3778 [0044.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a60 | out: hHeap=0x6d0000) returned 1 [0044.862] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.862] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0044.863] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.863] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1d4, lpOverlapped=0x0) returned 1 [0044.863] CloseHandle (hObject=0x48) returned 1 [0044.863] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f0a60 [0044.863] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.adv")) returned 1 [0044.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a60 | out: hHeap=0x6d0000) returned 1 [0044.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.864] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x3d, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0044.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0a60 [0044.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3778 [0044.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a60 | out: hHeap=0x6d0000) returned 1 [0044.864] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.864] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0044.865] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.865] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x18, lpOverlapped=0x0) returned 1 [0044.865] CloseHandle (hObject=0x48) returned 1 [0044.865] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6f0a60 [0044.865] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.adv")) returned 1 [0044.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a60 | out: hHeap=0x6d0000) returned 1 [0044.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.866] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x3d, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0044.866] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0988 | out: hHeap=0x6d0000) returned 1 [0044.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.866] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 0 [0044.866] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0044.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0044.866] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0044.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0044.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0044.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0044.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.866] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.866] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.866] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="My", cAlternateFileName="")) returned 1 [0044.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f08b0 [0044.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0978 [0044.867] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.867] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.867] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0044.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0044.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0aa8 [0044.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0044.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3778 [0044.867] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.868] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.868] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 0 [0044.868] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0044.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0044.868] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0044.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0044.868] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0044.868] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.869] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.869] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 0 [0044.869] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0044.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0044.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0044.869] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0044.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a10 [0044.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0aa8 [0044.869] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.869] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.869] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 0 [0044.869] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0044.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0aa8 | out: hHeap=0x6d0000) returned 1 [0044.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a10 | out: hHeap=0x6d0000) returned 1 [0044.870] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="CTLs", cAlternateFileName="")) returned 0 [0044.870] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0978 | out: hHeap=0x6d0000) returned 1 [0044.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.870] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="My", cAlternateFileName="")) returned 0 [0044.870] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0044.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0044.870] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Windows", cAlternateFileName="")) returned 1 [0044.870] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e2048 [0044.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e20b0 [0044.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2048 | out: hHeap=0x6d0000) returned 1 [0044.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0044.871] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName=".", cAlternateFileName="")) returned 0x6ed9c8 [0044.873] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="..", cAlternateFileName="")) returned 1 [0044.873] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe7f4ba2, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Cookies", cAlternateFileName="")) returned 1 [0044.873] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.873] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.873] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.873] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.873] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe7f4ba2, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.874] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe7f4ba2, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.874] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd021fb60, ftLastWriteTime.dwHighDateTime=0x1cb892e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0044.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.874] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.874] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0044.891] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.891] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4000, lpOverlapped=0x0) returned 1 [0044.892] CloseHandle (hObject=0x48) returned 1 [0044.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.892] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat.adv")) returned 1 [0044.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.896] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd021fb60, ftLastWriteTime.dwHighDateTime=0x1cb892e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="index.dat", cAlternateFileName="")) returned 0 [0044.896] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.896] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0044.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0044.896] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.909] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.909] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Low", cAlternateFileName="")) returned 1 [0044.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f09f8 [0044.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a90 [0044.909] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.909] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.909] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 0 [0044.909] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0044.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a90 | out: hHeap=0x6d0000) returned 1 [0044.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f09f8 | out: hHeap=0x6d0000) returned 1 [0044.909] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Low", cAlternateFileName="")) returned 0 [0044.909] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.909] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0044.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.909] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.909] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.910] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.910] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe6c3ce0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x3c000, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0044.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.910] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.910] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.910] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c000, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3c000, lpOverlapped=0x0) returned 1 [0044.914] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.914] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c000, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3c000, lpOverlapped=0x0) returned 1 [0044.914] CloseHandle (hObject=0x48) returned 1 [0044.914] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.914] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat.adv")) returned 1 [0044.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.915] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Low", cAlternateFileName="")) returned 1 [0044.915] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.915] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.915] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0044.915] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.916] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc, cFileName="..", cAlternateFileName="")) returned 1 [0044.916] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xc, cFileName="..", cAlternateFileName="")) returned 0 [0044.916] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0044.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.916] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Low", cAlternateFileName="")) returned 0 [0044.916] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.916] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0044.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.916] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.918] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.918] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89275ec, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0044.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.918] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.918] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.918] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.918] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x112, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x112, lpOverlapped=0x0) returned 1 [0044.919] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.919] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x112, lpOverlapped=0x0) returned 1 [0044.919] CloseHandle (hObject=0x48) returned 1 [0044.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.919] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini.adv")) returned 1 [0044.920] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.920] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.920] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xe03, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Documents.library-ms", cAlternateFileName="DOCUME~1.LIB")) returned 1 [0044.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.920] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.920] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.920] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.920] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe03, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xe03, lpOverlapped=0x0) returned 1 [0044.922] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.922] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe03, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xe03, lpOverlapped=0x0) returned 1 [0044.922] CloseHandle (hObject=0x48) returned 1 [0044.922] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0044.922] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.adv")) returned 1 [0044.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.922] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89275ec, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xdd9, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Music.library-ms", cAlternateFileName="MUSIC~1.LIB")) returned 1 [0044.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.923] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.923] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.923] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdd9, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xdd9, lpOverlapped=0x0) returned 1 [0044.924] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.924] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdd9, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xdd9, lpOverlapped=0x0) returned 1 [0044.925] CloseHandle (hObject=0x48) returned 1 [0044.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0044.925] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.adv")) returned 1 [0044.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.925] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xdfb, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Pictures.library-ms", cAlternateFileName="PICTUR~1.LIB")) returned 1 [0044.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.926] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.926] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xdfb, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xdfb, lpOverlapped=0x0) returned 1 [0044.927] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.927] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xdfb, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xdfb, lpOverlapped=0x0) returned 1 [0044.928] CloseHandle (hObject=0x48) returned 1 [0044.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0044.928] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.adv")) returned 1 [0044.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.928] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89275ec, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xde6, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 1 [0044.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.928] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.929] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xde6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xde6, lpOverlapped=0x0) returned 1 [0044.931] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.931] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xde6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xde6, lpOverlapped=0x0) returned 1 [0044.931] CloseHandle (hObject=0x48) returned 1 [0044.931] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0044.931] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.adv")) returned 1 [0044.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.932] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89275ec, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xde6, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 0 [0044.932] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.932] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0044.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0044.932] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.932] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.932] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 0 [0044.932] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.932] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0044.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0960 [0044.932] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.933] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.933] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 0 [0044.933] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.933] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0044.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.933] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.933] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.933] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Low", cAlternateFileName="")) returned 1 [0044.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e48a8 [0044.933] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e48a8 | out: hHeap=0x6d0000) returned 1 [0044.933] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.933] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.934] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 0 [0044.934] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0044.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.934] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Low", cAlternateFileName="")) returned 0 [0044.934] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.936] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Recent", cAlternateFileName="")) returned 1 [0044.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.936] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.936] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.937] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.937] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x125b3d0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0044.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6f0ad0 [0044.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.937] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x125b3d0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.937] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x125b3d0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName="..", cAlternateFileName="")) returned 1 [0044.937] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x14bb620, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1 [0044.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.937] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3778 [0044.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.938] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x164) returned 0x6e3870 [0044.938] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.938] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0044.938] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1600, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1600, lpOverlapped=0x0) returned 1 [0044.939] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.940] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1600, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1600, lpOverlapped=0x0) returned 1 [0044.940] CloseHandle (hObject=0x4c) returned 1 [0044.940] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e39e0 [0044.940] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.adv")) returned 1 [0044.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39e0 | out: hHeap=0x6d0000) returned 1 [0044.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3870 | out: hHeap=0x6d0000) returned 1 [0044.940] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x14bb620, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 0 [0044.940] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0044.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0044.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.941] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0044.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.941] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.941] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.944] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName="..", cAlternateFileName="")) returned 1 [0044.944] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName="1b4dd67f29cb1962.customDestinations-ms", cAlternateFileName="1B4DD6~1.CUS")) returned 1 [0044.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ad0 [0044.944] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3778 [0044.944] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0044.944] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0044.945] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0044.946] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.946] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0044.946] CloseHandle (hObject=0x4c) returned 1 [0044.946] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.adv")) returned 1 [0044.964] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0044.964] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.964] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xc67cc5, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x3c12, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName="5afe4de1b92fc382.customDestinations-ms", cAlternateFileName="5AFE4D~1.CUS")) returned 1 [0044.964] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0044.964] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0044.965] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3c12, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x3c12, lpOverlapped=0x0) returned 1 [0044.967] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.967] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3c12, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x3c12, lpOverlapped=0x0) returned 1 [0044.967] CloseHandle (hObject=0x4c) returned 1 [0044.967] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0ad0 [0044.967] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.adv")) returned 1 [0044.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0044.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.968] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 1 [0044.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0ad0 [0044.968] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3778 [0044.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0044.968] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0044.968] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0044.969] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.969] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x18, lpOverlapped=0x0) returned 1 [0044.969] CloseHandle (hObject=0x4c) returned 1 [0044.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6f0ad0 [0044.969] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.adv")) returned 1 [0044.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ad0 | out: hHeap=0x6d0000) returned 1 [0044.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0044.970] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x1ca0431, dwReserved1=0x6404e40, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 0 [0044.970] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0044.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.970] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0044.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.970] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.970] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.971] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1b0, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x1b0, lpOverlapped=0x0) returned 1 [0044.971] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.971] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x1b0, lpOverlapped=0x0) returned 1 [0044.972] CloseHandle (hObject=0x48) returned 1 [0044.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.972] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini.adv")) returned 1 [0044.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.972] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0044.972] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.972] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="SendTo", cAlternateFileName="")) returned 1 [0044.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.973] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.973] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.975] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.975] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeca9f1ef, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1 [0044.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0960 [0044.975] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.975] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.975] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x3, lpOverlapped=0x0) returned 1 [0044.976] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.976] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x3, lpOverlapped=0x0) returned 1 [0044.976] CloseHandle (hObject=0x48) returned 1 [0044.976] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0a38 [0044.976] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.adv")) returned 1 [0044.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a38 | out: hHeap=0x6d0000) returned 1 [0044.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.977] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c45a701, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb52ab9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Desktop (create shortcut).DeskLink", cAlternateFileName="DESKTO~1.DES")) returned 1 [0044.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.977] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6f0960 [0044.977] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.977] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.978] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x7, lpOverlapped=0x0) returned 1 [0044.979] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.979] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x7, lpOverlapped=0x0) returned 1 [0044.979] CloseHandle (hObject=0x48) returned 1 [0044.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6f0a28 [0044.979] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.adv")) returned 1 [0044.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.979] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xec18bec6, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0044.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.980] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.980] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x22e, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x22e, lpOverlapped=0x0) returned 1 [0044.981] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.981] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x22e, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x22e, lpOverlapped=0x0) returned 1 [0044.981] CloseHandle (hObject=0x48) returned 1 [0044.981] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.981] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini.adv")) returned 1 [0044.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.982] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63dece0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1 [0044.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.982] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.982] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.982] CloseHandle (hObject=0x48) returned 1 [0044.982] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.982] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs.adv")) returned 1 [0044.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.983] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d802e42, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0044.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.983] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.983] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.983] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.984] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4d6, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4d6, lpOverlapped=0x0) returned 1 [0044.989] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.989] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4d6, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4d6, lpOverlapped=0x0) returned 1 [0044.989] CloseHandle (hObject=0x48) returned 1 [0044.989] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.989] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk.adv")) returned 1 [0044.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.990] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c48085e, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 1 [0044.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.990] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.990] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x4, lpOverlapped=0x0) returned 1 [0044.991] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.991] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x4, lpOverlapped=0x0) returned 1 [0044.991] CloseHandle (hObject=0x48) returned 1 [0044.991] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0044.991] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.adv")) returned 1 [0044.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.992] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c48085e, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 0 [0044.992] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0044.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0044.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0044.992] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0044.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0044.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0044.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0044.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0044.992] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0044.992] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0044.992] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x63dece0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0044.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.992] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.993] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0044.993] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0xae, lpOverlapped=0x0) returned 1 [0044.994] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0044.994] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0xae, lpOverlapped=0x0) returned 1 [0044.994] CloseHandle (hObject=0x48) returned 1 [0044.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f0a28 [0044.994] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini.adv")) returned 1 [0044.995] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.995] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0044.995] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Programs", cAlternateFileName="")) returned 1 [0044.995] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0044.995] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0044.995] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0044.995] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0044.995] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6f0ac0 [0044.995] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.995] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb, cFileName=".", cAlternateFileName="")) returned 0x6eda48 [0044.996] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb, cFileName="..", cAlternateFileName="")) returned 1 [0044.996] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0044.996] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0044.996] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0044.996] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0044.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0044.997] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0044.998] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="..", cAlternateFileName="")) returned 1 [0044.999] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0044.999] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0044.999] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0044.999] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0044.999] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3ad8 [0044.999] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x63b8b80, cFileName=".", cAlternateFileName="")) returned 0x6edac8 [0045.000] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x63b8b80, cFileName="..", cAlternateFileName="")) returned 1 [0045.000] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec0cd7f5, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x1ca0431, dwReserved1=0x63b8b80, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0045.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3bb0 [0045.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3c88 [0045.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bb0 | out: hHeap=0x6d0000) returned 1 [0045.001] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.001] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2c0, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2c0, lpOverlapped=0x0) returned 1 [0045.002] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.002] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2c0, lpOverlapped=0x0) returned 1 [0045.002] CloseHandle (hObject=0x54) returned 1 [0045.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3dc8 [0045.002] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.adv")) returned 1 [0045.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3dc8 | out: hHeap=0x6d0000) returned 1 [0045.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c88 | out: hHeap=0x6d0000) returned 1 [0045.046] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1aadace0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0x1ca0431, dwReserved1=0x63b8b80, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1 [0045.046] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3bb0 [0045.046] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3c88 [0045.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bb0 | out: hHeap=0x6d0000) returned 1 [0045.046] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.047] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x54e, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x54e, lpOverlapped=0x0) returned 1 [0045.048] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.048] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x54e, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x54e, lpOverlapped=0x0) returned 1 [0045.048] CloseHandle (hObject=0x54) returned 1 [0045.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3dc8 [0045.048] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.adv")) returned 1 [0045.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3dc8 | out: hHeap=0x6d0000) returned 1 [0045.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c88 | out: hHeap=0x6d0000) returned 1 [0045.049] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a911c5d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0x1ca0431, dwReserved1=0x63b8b80, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0045.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3bb0 [0045.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3c88 [0045.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bb0 | out: hHeap=0x6d0000) returned 1 [0045.049] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.049] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ea, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4ea, lpOverlapped=0x0) returned 1 [0045.051] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.051] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ea, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4ea, lpOverlapped=0x0) returned 1 [0045.051] CloseHandle (hObject=0x54) returned 1 [0045.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3dc8 [0045.051] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.adv")) returned 1 [0045.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3dc8 | out: hHeap=0x6d0000) returned 1 [0045.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c88 | out: hHeap=0x6d0000) returned 1 [0045.052] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b733f17, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x1ca0431, dwReserved1=0x63b8b80, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1 [0045.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3bb0 [0045.052] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3c88 [0045.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bb0 | out: hHeap=0x6d0000) returned 1 [0045.052] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.052] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4ee, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4ee, lpOverlapped=0x0) returned 1 [0045.054] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.054] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4ee, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4ee, lpOverlapped=0x0) returned 1 [0045.054] CloseHandle (hObject=0x54) returned 1 [0045.054] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3dc8 [0045.054] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.adv")) returned 1 [0045.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3dc8 | out: hHeap=0x6d0000) returned 1 [0045.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c88 | out: hHeap=0x6d0000) returned 1 [0045.055] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a9f649f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x1ca0431, dwReserved1=0x63b8b80, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1 [0045.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3bb0 [0045.055] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x136) returned 0x6e3c88 [0045.055] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3bb0 | out: hHeap=0x6d0000) returned 1 [0045.055] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.055] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4e2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x4e2, lpOverlapped=0x0) returned 1 [0045.057] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.057] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4e2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x4e2, lpOverlapped=0x0) returned 1 [0045.057] CloseHandle (hObject=0x54) returned 1 [0045.057] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x100) returned 0x6e3dc8 [0045.057] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.adv")) returned 1 [0045.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3dc8 | out: hHeap=0x6d0000) returned 1 [0045.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3c88 | out: hHeap=0x6d0000) returned 1 [0045.058] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a9f649f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x1ca0431, dwReserved1=0x63b8b80, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 0 [0045.058] FindClose (in: hFindFile=0x6edac8 | out: hFindFile=0x6edac8) returned 1 [0045.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0045.058] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a53d8cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0045.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0045.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0045.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0045.058] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0045.058] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x500, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x500, lpOverlapped=0x0) returned 1 [0045.060] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.060] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x500, lpOverlapped=0x0) returned 1 [0045.060] CloseHandle (hObject=0x50) returned 1 [0045.060] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3ad8 [0045.060] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk.adv")) returned 1 [0045.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0045.061] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec08153b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0045.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0045.061] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0045.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0045.061] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0045.061] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2a6, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x2a6, lpOverlapped=0x0) returned 1 [0045.062] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.062] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2a6, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x2a6, lpOverlapped=0x0) returned 1 [0045.062] CloseHandle (hObject=0x50) returned 1 [0045.062] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3ad8 [0045.062] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.adv")) returned 1 [0045.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0045.063] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d655ee8, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0045.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0045.063] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0045.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0045.063] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0045.064] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x518, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x518, lpOverlapped=0x0) returned 1 [0045.067] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.067] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x518, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x518, lpOverlapped=0x0) returned 1 [0045.068] CloseHandle (hObject=0x50) returned 1 [0045.068] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3ad8 [0045.068] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk.adv")) returned 1 [0045.068] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.068] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0045.068] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dcf29a8, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="Run.lnk", cAlternateFileName="")) returned 1 [0045.068] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0045.068] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0045.068] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0045.068] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0045.069] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x106, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x106, lpOverlapped=0x0) returned 1 [0045.070] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.070] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x106, lpOverlapped=0x0) returned 1 [0045.070] CloseHandle (hObject=0x50) returned 1 [0045.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0045.070] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk.adv")) returned 1 [0045.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0045.070] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0045.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0045.071] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0045.071] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0045.071] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0045.071] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3ba0 [0045.071] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.071] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x160, cFileName=".", cAlternateFileName="")) returned 0x6edac8 [0045.072] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x160, cFileName="..", cAlternateFileName="")) returned 1 [0045.072] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ddd71ea, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x160, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0045.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0045.073] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3cc8 [0045.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.073] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.073] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x106, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x106, lpOverlapped=0x0) returned 1 [0045.074] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.074] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x106, lpOverlapped=0x0) returned 1 [0045.074] CloseHandle (hObject=0x54) returned 1 [0045.074] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3df0 [0045.074] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk.adv")) returned 1 [0045.075] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3df0 | out: hHeap=0x6d0000) returned 1 [0045.075] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0045.075] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dd8af29, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x160, cFileName="Control Panel.lnk", cAlternateFileName="CONTRO~1.LNK")) returned 1 [0045.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0045.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3cc8 [0045.075] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.075] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.075] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x106, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x106, lpOverlapped=0x0) returned 1 [0045.076] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.076] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x106, lpOverlapped=0x0) returned 1 [0045.076] CloseHandle (hObject=0x54) returned 1 [0045.076] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e3df0 [0045.076] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk.adv")) returned 1 [0045.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3df0 | out: hHeap=0x6d0000) returned 1 [0045.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0045.077] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec119aaf, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0x0, dwReserved1=0x160, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0045.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0045.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3cc8 [0045.077] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.077] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.077] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2e2, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x2e2, lpOverlapped=0x0) returned 1 [0045.079] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.079] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2e2, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x2e2, lpOverlapped=0x0) returned 1 [0045.079] CloseHandle (hObject=0x54) returned 1 [0045.079] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3df0 [0045.079] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.adv")) returned 1 [0045.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3df0 | out: hHeap=0x6d0000) returned 1 [0045.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0045.080] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6392a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5db, dwReserved0=0x0, dwReserved1=0x160, cFileName="Internet Explorer (No Add-ons).lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0045.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0045.080] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3cc8 [0045.080] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.080] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.080] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5db, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x5db, lpOverlapped=0x0) returned 1 [0045.082] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.082] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5db, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x5db, lpOverlapped=0x0) returned 1 [0045.082] CloseHandle (hObject=0x54) returned 1 [0045.082] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3df0 [0045.082] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.adv")) returned 1 [0045.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3df0 | out: hHeap=0x6d0000) returned 1 [0045.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0045.083] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d3d87bb, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x160, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1 [0045.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0045.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e3cc8 [0045.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.083] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54 [0045.083] ReadFile (in: hFile=0x54, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x51a, lpNumberOfBytesRead=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dcb8*=0x51a, lpOverlapped=0x0) returned 1 [0045.107] SetFilePointer (in: hFile=0x54, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.107] WriteFile (in: hFile=0x54, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x51a, lpNumberOfBytesWritten=0x31dcb8, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dcb8*=0x51a, lpOverlapped=0x0) returned 1 [0045.107] CloseHandle (hObject=0x54) returned 1 [0045.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x110) returned 0x6e3df0 [0045.108] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.adv")) returned 1 [0045.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3df0 | out: hHeap=0x6d0000) returned 1 [0045.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3cc8 | out: hHeap=0x6d0000) returned 1 [0045.109] FindNextFileW (in: hFindFile=0x6edac8, lpFindFileData=0x31da38 | out: lpFindFileData=0x31da38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d3d87bb, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x160, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 0 [0045.109] FindClose (in: hFindFile=0x6edac8 | out: hFindFile=0x6edac8) returned 1 [0045.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ba0 | out: hHeap=0x6d0000) returned 1 [0045.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0045.109] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dc80587, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0045.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0045.109] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0045.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0045.109] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0045.109] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x4cc, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0045.111] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.111] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x4cc, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x4cc, lpOverlapped=0x0) returned 1 [0045.111] CloseHandle (hObject=0x50) returned 1 [0045.111] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3ad8 [0045.111] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk.adv")) returned 1 [0045.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0045.112] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dc80587, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0045.112] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0045.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0045.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0045.112] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0045.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0045.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0045.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0045.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3858 [0045.112] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0045.112] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="..", cAlternateFileName="")) returned 1 [0045.112] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3920 [0045.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11e) returned 0x6e39e8 [0045.112] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3920 | out: hHeap=0x6d0000) returned 1 [0045.113] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0045.113] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xae, lpOverlapped=0x0) returned 1 [0045.114] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.114] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xae, lpOverlapped=0x0) returned 1 [0045.114] CloseHandle (hObject=0x50) returned 1 [0045.114] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3b10 [0045.114] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.adv")) returned 1 [0045.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3b10 | out: hHeap=0x6d0000) returned 1 [0045.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39e8 | out: hHeap=0x6d0000) returned 1 [0045.115] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1ca0431, dwReserved1=0x6451100, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.115] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0045.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0045.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0045.115] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0x0, dwReserved1=0xb, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0045.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0045.115] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0045.115] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0045.115] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1dc, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x1dc, lpOverlapped=0x0) returned 1 [0045.116] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.116] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1dc, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x1dc, lpOverlapped=0x0) returned 1 [0045.116] CloseHandle (hObject=0x4c) returned 1 [0045.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0045.116] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini.adv")) returned 1 [0045.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0045.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0045.117] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x587, dwReserved0=0x0, dwReserved1=0xb, cFileName="Internet Explorer (64-bit).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0045.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0045.117] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0045.117] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0045.117] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0045.117] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x587, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x587, lpOverlapped=0x0) returned 1 [0045.119] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.119] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x587, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x587, lpOverlapped=0x0) returned 1 [0045.119] CloseHandle (hObject=0x4c) returned 1 [0045.119] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e3858 [0045.119] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk.adv")) returned 1 [0045.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0045.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0045.120] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6392a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0xb, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0045.120] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0045.120] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0045.120] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0045.120] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c [0045.120] ReadFile (in: hFile=0x4c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x5a9, lpNumberOfBytesRead=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e2d0*=0x5a9, lpOverlapped=0x0) returned 1 [0045.122] SetFilePointer (in: hFile=0x4c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.122] WriteFile (in: hFile=0x4c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x5a9, lpNumberOfBytesWritten=0x31e2d0, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e2d0*=0x5a9, lpOverlapped=0x0) returned 1 [0045.122] CloseHandle (hObject=0x4c) returned 1 [0045.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3858 [0045.122] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk.adv")) returned 1 [0045.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0045.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0045.123] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0045.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0045.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0045.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0045.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3858 [0045.123] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1ae, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0045.123] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1ae, cFileName="..", cAlternateFileName="")) returned 1 [0045.123] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec165d69, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x1ae, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0045.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0045.123] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0045.123] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0045.123] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0045.124] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x13e, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x13e, lpOverlapped=0x0) returned 1 [0045.124] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.125] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x13e, lpOverlapped=0x0) returned 1 [0045.125] CloseHandle (hObject=0x50) returned 1 [0045.125] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x6e3ad8 [0045.125] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.adv")) returned 1 [0045.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.127] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0045.128] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dd3ec69, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x1ae, cFileName="Help.lnk", cAlternateFileName="")) returned 1 [0045.128] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e3910 [0045.128] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x6e39c8 [0045.128] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3910 | out: hHeap=0x6d0000) returned 1 [0045.128] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0045.128] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x106, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0x106, lpOverlapped=0x0) returned 1 [0045.129] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.129] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x106, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0x106, lpOverlapped=0x0) returned 1 [0045.129] CloseHandle (hObject=0x50) returned 1 [0045.129] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3ad8 [0045.129] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk.adv")) returned 1 [0045.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3ad8 | out: hHeap=0x6d0000) returned 1 [0045.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39c8 | out: hHeap=0x6d0000) returned 1 [0045.130] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dd3ec69, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x1ae, cFileName="Help.lnk", cAlternateFileName="")) returned 0 [0045.130] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0045.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0045.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0045.130] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb, cFileName="Startup", cAlternateFileName="")) returned 1 [0045.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f0a28 [0045.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x6e3778 [0045.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0045.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3858 [0045.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e3900 [0045.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0045.130] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1ae, cFileName=".", cAlternateFileName="")) returned 0x6eda88 [0045.130] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1ae, cFileName="..", cAlternateFileName="")) returned 1 [0045.130] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x1ae, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e3858 [0045.130] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x6e39f8 [0045.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3858 | out: hHeap=0x6d0000) returned 1 [0045.130] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50 [0045.131] ReadFile (in: hFile=0x50, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31dfc4*=0xae, lpOverlapped=0x0) returned 1 [0045.132] SetFilePointer (in: hFile=0x50, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.132] WriteFile (in: hFile=0x50, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31dfc4, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31dfc4*=0xae, lpOverlapped=0x0) returned 1 [0045.132] CloseHandle (hObject=0x50) returned 1 [0045.132] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x6e3af0 [0045.132] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.adv")) returned 1 [0045.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3af0 | out: hHeap=0x6d0000) returned 1 [0045.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e39f8 | out: hHeap=0x6d0000) returned 1 [0045.132] FindNextFileW (in: hFindFile=0x6eda88, lpFindFileData=0x31dd44 | out: lpFindFileData=0x31dd44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x1ae, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.132] FindClose (in: hFindFile=0x6eda88 | out: hFindFile=0x6eda88) returned 1 [0045.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3900 | out: hHeap=0x6d0000) returned 1 [0045.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3778 | out: hHeap=0x6d0000) returned 1 [0045.133] FindNextFileW (in: hFindFile=0x6eda48, lpFindFileData=0x31e050 | out: lpFindFileData=0x31e050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xb, cFileName="Startup", cAlternateFileName="")) returned 0 [0045.133] FindClose (in: hFindFile=0x6eda48 | out: hFindFile=0x6eda48) returned 1 [0045.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0ac0 | out: hHeap=0x6d0000) returned 1 [0045.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0045.133] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Programs", cAlternateFileName="")) returned 0 [0045.133] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0045.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0045.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0045.133] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda4e0ba, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0045.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0045.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0045.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0045.133] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0045.133] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda4e0ba, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0045.133] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda4e0ba, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0045.133] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda4e0ba, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 0 [0045.133] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0045.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0045.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0045.134] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Themes", cAlternateFileName="")) returned 1 [0045.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea888 [0045.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa6) returned 0x6f08b0 [0045.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea888 | out: hHeap=0x6d0000) returned 1 [0045.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0045.134] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*", lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6eda08 [0045.134] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0045.134] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff982e02, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x9b944, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 1 [0045.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4820 [0045.134] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x6f0960 [0045.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4820 | out: hHeap=0x6d0000) returned 1 [0045.134] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48 [0045.134] ReadFile (in: hFile=0x48, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x9b944, lpNumberOfBytesRead=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31e5dc*=0x9b944, lpOverlapped=0x0) returned 1 [0045.142] SetFilePointer (in: hFile=0x48, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.142] WriteFile (in: hFile=0x48, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x9b944, lpNumberOfBytesWritten=0x31e5dc, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31e5dc*=0x9b944, lpOverlapped=0x0) returned 1 [0045.144] CloseHandle (hObject=0x48) returned 1 [0045.144] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6f0a28 [0045.144] MoveFileW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.adv" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.adv")) returned 1 [0045.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0a28 | out: hHeap=0x6d0000) returned 1 [0045.144] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f0960 | out: hHeap=0x6d0000) returned 1 [0045.144] FindNextFileW (in: hFindFile=0x6eda08, lpFindFileData=0x31e35c | out: lpFindFileData=0x31e35c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff982e02, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x9b944, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 0 [0045.145] FindClose (in: hFindFile=0x6eda08 | out: hFindFile=0x6eda08) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0045.145] FindNextFileW (in: hFindFile=0x6ed9c8, lpFindFileData=0x31e668 | out: lpFindFileData=0x31e668*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Themes", cAlternateFileName="")) returned 0 [0045.145] FindClose (in: hFindFile=0x6ed9c8 | out: hFindFile=0x6ed9c8) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e20b0 | out: hHeap=0x6d0000) returned 1 [0045.145] FindNextFileW (in: hFindFile=0x6ed988, lpFindFileData=0x31e974 | out: lpFindFileData=0x31e974*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x6320600, cFileName="Windows", cAlternateFileName="")) returned 0 [0045.145] FindClose (in: hFindFile=0x6ed988 | out: hFindFile=0x6ed988) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0045.145] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6320600, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0045.145] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.145] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Roaming", cAlternateFileName="")) returned 0 [0045.145] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.145] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0045.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed830 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.145] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0045.145] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Roaming", cAlternateFileName="")) returned 0xffffffff [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.145] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.146] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0045.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.146] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.146] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.146] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0045.146] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0045.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.146] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0045.146] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.146] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.146] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10b1e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x10b1e, lpOverlapped=0x0) returned 1 [0045.156] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.156] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10b1e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x10b1e, lpOverlapped=0x0) returned 1 [0045.157] CloseHandle (hObject=0x38) returned 1 [0045.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0045.157] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\Default\\Contacts\\Administrator.contact.adv" (normalized: "c:\\users\\default\\contacts\\administrator.contact.adv")) returned 1 [0045.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0045.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.157] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.157] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.158] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x19c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x19c, lpOverlapped=0x0) returned 1 [0045.159] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.159] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x19c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x19c, lpOverlapped=0x0) returned 1 [0045.159] CloseHandle (hObject=0x38) returned 1 [0045.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0045.159] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Contacts\\desktop.ini.adv" (normalized: "c:\\users\\default\\contacts\\desktop.ini.adv")) returned 1 [0045.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.159] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.159] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.160] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.160] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.160] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.160] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0045.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.160] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.160] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0045.160] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.160] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.160] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0045.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.160] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.160] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.160] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0045.160] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.160] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.160] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.160] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.161] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0045.162] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.162] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0045.162] CloseHandle (hObject=0x38) returned 1 [0045.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0045.162] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Desktop\\desktop.ini.adv" (normalized: "c:\\users\\default\\desktop\\desktop.ini.adv")) returned 1 [0045.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.162] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.162] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.163] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.163] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.163] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0045.163] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.163] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.163] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.163] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.163] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.163] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0045.164] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x1ca0431, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.164] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.164] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.164] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.164] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.164] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x192, lpOverlapped=0x0) returned 1 [0045.165] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.165] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x192, lpOverlapped=0x0) returned 1 [0045.165] CloseHandle (hObject=0x38) returned 1 [0045.165] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0045.166] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Documents\\desktop.ini.adv" (normalized: "c:\\users\\default\\documents\\desktop.ini.adv")) returned 1 [0045.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.166] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0045.166] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.166] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.166] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.166] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0045.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.167] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.167] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.167] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.167] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.167] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0045.167] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.167] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.167] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.167] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.168] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0045.168] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.168] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.168] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.168] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.168] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.168] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0045.169] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.169] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0045.169] CloseHandle (hObject=0x38) returned 1 [0045.169] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0045.169] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Downloads\\desktop.ini.adv" (normalized: "c:\\users\\default\\downloads\\desktop.ini.adv")) returned 1 [0045.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.170] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.170] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.170] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0045.170] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.170] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.170] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.170] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.170] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.198] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0045.198] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.198] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.198] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.198] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.200] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.201] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x192, lpOverlapped=0x0) returned 1 [0045.202] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.202] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x192, lpOverlapped=0x0) returned 1 [0045.202] CloseHandle (hObject=0x38) returned 1 [0045.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0045.202] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Favorites\\desktop.ini.adv" (normalized: "c:\\users\\default\\favorites\\desktop.ini.adv")) returned 1 [0045.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.203] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="Links", cAlternateFileName="")) returned 1 [0045.203] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.203] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.203] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.203] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0045.203] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0045.203] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.203] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0045.203] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0045.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0045.203] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.203] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x50, lpOverlapped=0x0) returned 1 [0045.204] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.204] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x50, lpOverlapped=0x0) returned 1 [0045.204] CloseHandle (hObject=0x3c) returned 1 [0045.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0045.205] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Favorites\\Links\\desktop.ini.adv" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini.adv")) returned 1 [0045.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0045.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0045.205] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0045.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1fe0 [0045.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0045.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fe0 | out: hHeap=0x6d0000) returned 1 [0045.205] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.206] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xe2, lpOverlapped=0x0) returned 1 [0045.206] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.207] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xe2, lpOverlapped=0x0) returned 1 [0045.207] CloseHandle (hObject=0x3c) returned 1 [0045.207] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0045.207] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.adv" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.adv")) returned 1 [0045.207] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0045.207] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0045.207] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0045.207] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0045.207] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.207] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.207] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0045.207] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0045.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0045.208] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0045.260] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0045.260] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0045.260] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0045.260] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2058 [0045.260] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0045.261] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.261] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.262] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.262] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.262] CloseHandle (hObject=0x3c) returned 1 [0045.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0045.263] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.adv" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.adv")) returned 1 [0045.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0045.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0045.263] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0045.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0045.263] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e2058 [0045.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0045.263] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.264] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.265] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.265] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.265] CloseHandle (hObject=0x3c) returned 1 [0045.265] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f08b0 [0045.265] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.adv" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.adv")) returned 1 [0045.265] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0045.265] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0045.265] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0045.265] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0045.266] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2058 [0045.266] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0045.266] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.266] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.267] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.267] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.267] CloseHandle (hObject=0x3c) returned 1 [0045.267] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0045.267] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.adv" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.adv")) returned 1 [0045.268] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0045.268] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0045.268] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0045.268] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0045.268] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2058 [0045.268] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0045.268] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.268] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.281] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.281] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.281] CloseHandle (hObject=0x3c) returned 1 [0045.281] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0045.281] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.adv" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.adv")) returned 1 [0045.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0045.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0045.282] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0045.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ff0 [0045.282] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2058 [0045.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ff0 | out: hHeap=0x6d0000) returned 1 [0045.282] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.282] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x86, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x86, lpOverlapped=0x0) returned 1 [0045.283] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.283] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x86, lpOverlapped=0x0) returned 1 [0045.283] CloseHandle (hObject=0x3c) returned 1 [0045.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6f08b0 [0045.283] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.adv" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.adv")) returned 1 [0045.284] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0045.284] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2058 | out: hHeap=0x6d0000) returned 1 [0045.284] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0045.284] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0045.284] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.284] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.284] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0045.284] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.284] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.284] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.284] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.284] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0045.284] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.284] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0045.289] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0045.289] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0045.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0045.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.289] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.290] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.291] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.291] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.291] CloseHandle (hObject=0x3c) returned 1 [0045.291] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0045.291] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.adv" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.adv")) returned 1 [0045.291] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0045.291] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.292] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0045.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0045.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.292] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f88 [0045.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.292] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.292] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.293] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.293] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.293] CloseHandle (hObject=0x3c) returned 1 [0045.293] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2040 [0045.293] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.adv" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.adv")) returned 1 [0045.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2040 | out: hHeap=0x6d0000) returned 1 [0045.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.294] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0045.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.294] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0045.294] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.294] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.294] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.295] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.295] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.295] CloseHandle (hObject=0x3c) returned 1 [0045.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0045.296] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.adv" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.adv")) returned 1 [0045.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0045.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.296] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0045.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.296] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0045.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.296] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.297] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.297] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.298] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.298] CloseHandle (hObject=0x3c) returned 1 [0045.298] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0045.298] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.adv" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.adv")) returned 1 [0045.298] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0045.298] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.298] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0045.298] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.298] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0045.298] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.298] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.299] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.300] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.300] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.300] CloseHandle (hObject=0x3c) returned 1 [0045.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0045.300] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.adv" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.adv")) returned 1 [0045.300] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0045.300] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.300] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0045.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0045.300] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.300] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.301] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.302] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.302] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.302] CloseHandle (hObject=0x3c) returned 1 [0045.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0045.302] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.adv" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.adv")) returned 1 [0045.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0045.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.303] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0045.303] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0045.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0045.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.303] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0045.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.303] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0045.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.303] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0045.305] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0045.305] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0045.305] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.305] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0045.305] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.305] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f88 [0045.305] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.305] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.305] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.306] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.306] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.306] CloseHandle (hObject=0x3c) returned 1 [0045.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2040 [0045.307] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.adv" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.adv")) returned 1 [0045.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2040 | out: hHeap=0x6d0000) returned 1 [0045.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.307] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0045.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0045.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.307] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f88 [0045.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.307] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.308] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.309] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.309] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.309] CloseHandle (hObject=0x3c) returned 1 [0045.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2040 [0045.309] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.adv" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.adv")) returned 1 [0045.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2040 | out: hHeap=0x6d0000) returned 1 [0045.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.309] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0045.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb890 [0045.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x6e1f88 [0045.310] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.310] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.310] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.311] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.311] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.311] CloseHandle (hObject=0x3c) returned 1 [0045.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2040 [0045.311] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.adv" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.adv")) returned 1 [0045.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2040 | out: hHeap=0x6d0000) returned 1 [0045.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.312] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0045.312] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f88 [0045.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb890 | out: hHeap=0x6d0000) returned 1 [0045.312] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.312] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.313] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.313] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x85, lpOverlapped=0x0) returned 1 [0045.313] CloseHandle (hObject=0x3c) returned 1 [0045.313] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.adv" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.adv")) returned 1 [0045.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2040 | out: hHeap=0x6d0000) returned 1 [0045.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.314] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 0 [0045.314] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0045.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0045.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.314] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0045.314] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.314] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Links", cAlternateFileName="")) returned 1 [0045.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.314] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0045.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.314] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.321] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0045.321] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.321] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee0 [0045.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.321] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.322] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x244, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x244, lpOverlapped=0x0) returned 1 [0045.323] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.323] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x244, lpOverlapped=0x0) returned 1 [0045.323] CloseHandle (hObject=0x38) returned 1 [0045.323] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed830 [0045.323] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Links\\desktop.ini.adv" (normalized: "c:\\users\\default\\links\\desktop.ini.adv")) returned 1 [0045.323] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.323] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.323] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1d3, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0045.323] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.323] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee0 [0045.324] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.324] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.324] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1d3, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1d3, lpOverlapped=0x0) returned 1 [0045.325] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.325] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1d3, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1d3, lpOverlapped=0x0) returned 1 [0045.325] CloseHandle (hObject=0x38) returned 1 [0045.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed830 [0045.326] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\Default\\Links\\Desktop.lnk.adv" (normalized: "c:\\users\\default\\links\\desktop.lnk.adv")) returned 1 [0045.326] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.326] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.326] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0045.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee0 [0045.326] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.326] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.327] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x37e, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x37e, lpOverlapped=0x0) returned 1 [0045.328] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.328] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x37e, lpOverlapped=0x0) returned 1 [0045.328] CloseHandle (hObject=0x38) returned 1 [0045.328] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed830 [0045.329] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\Default\\Links\\Downloads.lnk.adv" (normalized: "c:\\users\\default\\links\\downloads.lnk.adv")) returned 1 [0045.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.329] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0045.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee0 [0045.329] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.329] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.329] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x16b, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x16b, lpOverlapped=0x0) returned 1 [0045.330] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.330] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x16b, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x16b, lpOverlapped=0x0) returned 1 [0045.331] CloseHandle (hObject=0x38) returned 1 [0045.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6ed830 [0045.331] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), lpNewFileName="C:\\Users\\Default\\Links\\RecentPlaces.lnk.adv" (normalized: "c:\\users\\default\\links\\recentplaces.lnk.adv")) returned 1 [0045.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.331] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0045.331] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.331] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0045.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.331] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1ed8 [0045.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.332] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="RecentPlaces.lnk", cAlternateFileName="")) returned 0xffffffff [0045.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.332] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Music", cAlternateFileName="")) returned 1 [0045.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0045.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.332] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.332] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="..", cAlternateFileName="")) returned 1 [0045.332] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.332] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee0 [0045.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.332] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.333] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0045.333] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.334] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0045.334] CloseHandle (hObject=0x38) returned 1 [0045.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed830 [0045.334] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Music\\desktop.ini.adv" (normalized: "c:\\users\\default\\music\\desktop.ini.adv")) returned 1 [0045.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.334] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.334] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.334] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0045.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.335] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0045.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.335] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0045.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.335] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x62fa4a0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0045.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.335] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0045.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.335] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.335] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0045.335] ReadFile (in: hFile=0x34, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xc0000, lpNumberOfBytesRead=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f518*=0xc0000, lpOverlapped=0x0) returned 1 [0045.344] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.344] WriteFile (in: hFile=0x34, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xc0000, lpNumberOfBytesWritten=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f518*=0xc0000, lpOverlapped=0x0) returned 1 [0045.346] CloseHandle (hObject=0x34) returned 1 [0045.346] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.346] MoveFileW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT.adv" (normalized: "c:\\users\\default\\ntuser.dat.adv")) returned 1 [0045.346] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.346] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.346] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0045.346] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.346] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.346] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.346] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0045.347] ReadFile (in: hFile=0x34, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f518*=0x400, lpOverlapped=0x0) returned 1 [0045.349] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.349] WriteFile (in: hFile=0x34, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f518*=0x400, lpOverlapped=0x0) returned 1 [0045.349] CloseHandle (hObject=0x34) returned 1 [0045.349] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0045.349] MoveFileW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT.LOG.adv" (normalized: "c:\\users\\default\\ntuser.dat.log.adv")) returned 1 [0045.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.349] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.350] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x674ac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e400, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0045.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.350] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed830 [0045.350] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.350] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0045.350] ReadFile (in: hFile=0x34, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x2e400, lpNumberOfBytesRead=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f518*=0x2e400, lpOverlapped=0x0) returned 1 [0045.354] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.354] WriteFile (in: hFile=0x34, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x2e400, lpNumberOfBytesWritten=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f518*=0x2e400, lpOverlapped=0x0) returned 1 [0045.354] CloseHandle (hObject=0x34) returned 1 [0045.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0045.355] MoveFileW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1.adv" (normalized: "c:\\users\\default\\ntuser.dat.log1.adv")) returned 1 [0045.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.355] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x9012aa61, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0045.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed830 [0045.355] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.355] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0045.356] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.356] CloseHandle (hObject=0x34) returned 1 [0045.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0045.356] MoveFileW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT.LOG2.adv" (normalized: "c:\\users\\default\\ntuser.dat.log2.adv")) returned 1 [0045.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.357] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8d30919, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8d30919, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0045.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.357] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6e1e90 [0045.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.357] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0045.357] ReadFile (in: hFile=0x34, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f518*=0x10000, lpOverlapped=0x0) returned 1 [0045.360] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.360] WriteFile (in: hFile=0x34, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f518*=0x10000, lpOverlapped=0x0) returned 1 [0045.360] CloseHandle (hObject=0x34) returned 1 [0045.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6ed7f8 [0045.360] MoveFileW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.adv" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.adv")) returned 1 [0045.361] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.361] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.361] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8da2d3a, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8da2d3a, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8e8757c, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0045.361] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.361] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e1e90 [0045.361] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.361] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0045.361] ReadFile (in: hFile=0x34, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x80000, lpNumberOfBytesRead=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f518*=0x80000, lpOverlapped=0x0) returned 1 [0045.369] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.369] WriteFile (in: hFile=0x34, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x80000, lpNumberOfBytesWritten=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f518*=0x80000, lpOverlapped=0x0) returned 1 [0045.370] CloseHandle (hObject=0x34) returned 1 [0045.370] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e1f78 [0045.370] MoveFileW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.adv" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.adv")) returned 1 [0045.371] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f78 | out: hHeap=0x6d0000) returned 1 [0045.371] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.371] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8deeffb, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8deeffb, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0045.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x6e1e90 [0045.371] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.371] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0045.371] ReadFile (in: hFile=0x34, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x80000, lpNumberOfBytesRead=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f518*=0x80000, lpOverlapped=0x0) returned 1 [0045.378] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.378] WriteFile (in: hFile=0x34, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x80000, lpNumberOfBytesWritten=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f518*=0x80000, lpOverlapped=0x0) returned 1 [0045.380] CloseHandle (hObject=0x34) returned 1 [0045.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x6e1f78 [0045.380] MoveFileW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.adv" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.adv")) returned 1 [0045.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f78 | out: hHeap=0x6d0000) returned 1 [0045.380] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.380] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0045.380] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.381] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.381] CreateFileW (lpFileName="C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0045.381] ReadFile (in: hFile=0x34, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x14, lpNumberOfBytesRead=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f518*=0x14, lpOverlapped=0x0) returned 1 [0045.382] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.382] WriteFile (in: hFile=0x34, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f518*=0x14, lpOverlapped=0x0) returned 1 [0045.382] CloseHandle (hObject=0x34) returned 1 [0045.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.382] MoveFileW (lpExistingFileName="C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), lpNewFileName="C:\\Users\\Default\\ntuser.ini.adv" (normalized: "c:\\users\\default\\ntuser.ini.adv")) returned 1 [0045.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.383] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0045.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.383] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.383] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x42, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.384] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x42, cFileName="..", cAlternateFileName="")) returned 1 [0045.384] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x42, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.384] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.384] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.384] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0045.385] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.385] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0045.385] CloseHandle (hObject=0x38) returned 1 [0045.385] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0045.385] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Pictures\\desktop.ini.adv" (normalized: "c:\\users\\default\\pictures\\desktop.ini.adv")) returned 1 [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.386] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x42, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.386] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.386] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0045.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.386] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x42, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.386] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Recent", cAlternateFileName="")) returned 1 [0045.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.386] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x42, cFileName="desktop.ini", cAlternateFileName="ọ眹鏯t￾￿㡺眵㑲眵?n\x03")) returned 0xffffffff [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.386] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.387] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0045.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.387] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x42, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.387] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x42, cFileName="..", cAlternateFileName="")) returned 1 [0045.387] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x42, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0045.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.387] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.387] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0045.388] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.388] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x11a, lpOverlapped=0x0) returned 1 [0045.388] CloseHandle (hObject=0x38) returned 1 [0045.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0045.389] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Saved Games\\desktop.ini.adv" (normalized: "c:\\users\\default\\saved games\\desktop.ini.adv")) returned 1 [0045.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.389] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x42, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.389] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.389] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Searches", cAlternateFileName="")) returned 1 [0045.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.389] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x42, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.391] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x42, cFileName="..", cAlternateFileName="")) returned 1 [0045.392] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x42, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.392] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1f20 [0045.392] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.392] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.392] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x20c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x20c, lpOverlapped=0x0) returned 1 [0045.393] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.393] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x20c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x20c, lpOverlapped=0x0) returned 1 [0045.394] CloseHandle (hObject=0x38) returned 1 [0045.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f88 [0045.396] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Searches\\desktop.ini.adv" (normalized: "c:\\users\\default\\searches\\desktop.ini.adv")) returned 1 [0045.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f88 | out: hHeap=0x6d0000) returned 1 [0045.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.396] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x42, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0045.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f20 [0045.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.397] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f20 | out: hHeap=0x6d0000) returned 1 [0045.397] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x42, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0045.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1ed8 [0045.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0045.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.397] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0045.397] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x42, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0045.397] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.397] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0045.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.397] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0045.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.397] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x42, cFileName="Indexed Locations.search-ms", cAlternateFileName="ọ眹鏯t￾￿㡺眵㑲眵?n\x03")) returned 0xffffffff [0045.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.397] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.398] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x42, cFileName="Indexed Locations.search-ms", cAlternateFileName="")) returned 0xffffffff [0045.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.398] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.398] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Templates\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x42, cFileName="Indexed Locations.search-ms", cAlternateFileName="")) returned 0xffffffff [0045.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.398] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Videos", cAlternateFileName="")) returned 1 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0045.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.398] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x42, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.398] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x42, cFileName="..", cAlternateFileName="")) returned 1 [0045.398] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x42, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed830 [0045.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1ee0 [0045.398] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x68) returned 0x6ed830 [0045.399] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.399] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.399] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0045.400] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.400] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x1f8, lpOverlapped=0x0) returned 1 [0045.400] CloseHandle (hObject=0x38) returned 1 [0045.400] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee0 [0045.400] MoveFileW (lpExistingFileName="C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Videos\\desktop.ini.adv" (normalized: "c:\\users\\default\\videos\\desktop.ini.adv")) returned 1 [0045.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.401] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x42, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.401] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.401] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Videos", cAlternateFileName="")) returned 0 [0045.401] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0045.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67b8 | out: hHeap=0x6d0000) returned 1 [0045.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0045.401] FindNextFileW (in: hFindFile=0x6e1e50, lpFindFileData=0x31f5a4 | out: lpFindFileData=0x31f5a4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0045.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0450 [0045.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e6780 [0045.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0450 | out: hHeap=0x6d0000) returned 1 [0045.401] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e67b8 [0045.401] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*", lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x28c670c0, cFileName="Videos", cAlternateFileName="")) returned 0xffffffff [0045.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67b8 | out: hHeap=0x6d0000) returned 1 [0045.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0045.402] FindNextFileW (in: hFindFile=0x6e1e50, lpFindFileData=0x31f5a4 | out: lpFindFileData=0x31f5a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0450 [0045.402] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e6780 [0045.402] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0450 | out: hHeap=0x6d0000) returned 1 [0045.402] CreateFileW (lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x30 [0045.402] ReadFile (in: hFile=0x30, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31f824, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f824*=0xae, lpOverlapped=0x0) returned 1 [0045.403] SetFilePointer (in: hFile=0x30, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.403] WriteFile (in: hFile=0x30, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31f824, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f824*=0xae, lpOverlapped=0x0) returned 1 [0045.403] CloseHandle (hObject=0x30) returned 1 [0045.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6ed7f8 [0045.403] MoveFileW (lpExistingFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), lpNewFileName="C:\\Users\\desktop.ini.adv" (normalized: "c:\\users\\desktop.ini.adv")) returned 1 [0045.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0045.403] FindNextFileW (in: hFindFile=0x6e1e50, lpFindFileData=0x31f5a4 | out: lpFindFileData=0x31f5a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="Public", cAlternateFileName="")) returned 1 [0045.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0450 [0045.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0045.403] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e6780 [0045.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0045.404] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName=".", cAlternateFileName="")) returned 0x6ed8c8 [0045.404] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="..", cAlternateFileName="")) returned 1 [0045.404] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Desktop", cAlternateFileName="")) returned 1 [0045.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0045.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e67b8 [0045.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0045.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed830 [0045.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.404] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x917fa2ee, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.404] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1ca0431, dwReserved1=0x917fa2ee, cFileName="..", cAlternateFileName="")) returned 1 [0045.404] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0x1ca0431, dwReserved1=0x917fa2ee, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0045.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0045.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.404] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x68) returned 0x6e1ee0 [0045.404] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.404] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.404] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x7e9, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x7e9, lpOverlapped=0x0) returned 1 [0045.405] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.405] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x7e9, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x7e9, lpOverlapped=0x0) returned 1 [0045.405] CloseHandle (hObject=0x38) returned 1 [0045.405] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f50 [0045.405] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.adv" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk.adv")) returned 1 [0045.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f50 | out: hHeap=0x6d0000) returned 1 [0045.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.406] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x1ca0431, dwReserved1=0x917fa2ee, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0045.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x68) returned 0x6e1ee0 [0045.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.406] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.407] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xae, lpOverlapped=0x0) returned 1 [0045.407] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.407] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xae, lpOverlapped=0x0) returned 1 [0045.407] CloseHandle (hObject=0x38) returned 1 [0045.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f50 [0045.408] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Desktop\\desktop.ini.adv" (normalized: "c:\\users\\public\\desktop\\desktop.ini.adv")) returned 1 [0045.408] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f50 | out: hHeap=0x6d0000) returned 1 [0045.408] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.408] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0x1ca0431, dwReserved1=0x917fa2ee, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0045.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0045.408] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x68) returned 0x6e1ee0 [0045.408] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.408] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.409] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8d1, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x8d1, lpOverlapped=0x0) returned 1 [0045.409] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.409] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8d1, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x8d1, lpOverlapped=0x0) returned 1 [0045.409] CloseHandle (hObject=0x38) returned 1 [0045.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f50 [0045.410] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk.adv" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk.adv")) returned 1 [0045.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f50 | out: hHeap=0x6d0000) returned 1 [0045.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.410] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x1ca0431, dwReserved1=0x917fa2ee, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0045.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6ed7f8 [0045.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6e1e90 [0045.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x68) returned 0x6e1ee0 [0045.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.410] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.411] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x485, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x485, lpOverlapped=0x0) returned 1 [0045.411] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.411] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x485, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x485, lpOverlapped=0x0) returned 1 [0045.412] CloseHandle (hObject=0x38) returned 1 [0045.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f50 [0045.412] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.adv" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk.adv")) returned 1 [0045.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f50 | out: hHeap=0x6d0000) returned 1 [0045.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee0 | out: hHeap=0x6d0000) returned 1 [0045.412] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x1ca0431, dwReserved1=0x917fa2ee, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 0 [0045.412] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed830 | out: hHeap=0x6d0000) returned 1 [0045.412] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67b8 | out: hHeap=0x6d0000) returned 1 [0045.412] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x4, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0045.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e67b8 [0045.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0045.413] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed7f8 [0045.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67b8 | out: hHeap=0x6d0000) returned 1 [0045.413] CreateFileW (lpFileName="C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x34 [0045.413] ReadFile (in: hFile=0x34, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f518*=0xae, lpOverlapped=0x0) returned 1 [0045.414] SetFilePointer (in: hFile=0x34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.414] WriteFile (in: hFile=0x34, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31f518, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f518*=0xae, lpOverlapped=0x0) returned 1 [0045.414] CloseHandle (hObject=0x34) returned 1 [0045.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6ed848 [0045.414] MoveFileW (lpExistingFileName="C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\desktop.ini.adv" (normalized: "c:\\users\\public\\desktop.ini.adv")) returned 1 [0045.417] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed848 | out: hHeap=0x6d0000) returned 1 [0045.417] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.417] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0045.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0045.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e67b8 [0045.418] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0045.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed7f8 [0045.418] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e67b8 | out: hHeap=0x6d0000) returned 1 [0045.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6ed848 [0045.418] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.422] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4b, cFileName="..", cAlternateFileName="")) returned 1 [0045.422] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x4b, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.422] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.423] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1ed8 [0045.423] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.423] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.423] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x116, lpOverlapped=0x0) returned 1 [0045.424] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.424] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x116, lpOverlapped=0x0) returned 1 [0045.424] CloseHandle (hObject=0x38) returned 1 [0045.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f40 [0045.424] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Documents\\desktop.ini.adv" (normalized: "c:\\users\\public\\documents\\desktop.ini.adv")) returned 1 [0045.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.425] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4b, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0045.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1ed8 [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f40 [0045.425] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.425] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4b, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0045.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1ed8 [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f40 [0045.425] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.425] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4b, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0045.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1ed8 [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1f40 [0045.425] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.425] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4b, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0045.425] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.425] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed848 | out: hHeap=0x6d0000) returned 1 [0045.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.426] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0045.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0045.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e3790 [0045.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0045.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed7f8 [0045.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3790 | out: hHeap=0x6d0000) returned 1 [0045.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6ed848 [0045.426] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.426] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="..", cAlternateFileName="")) returned 1 [0045.426] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.426] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1ed8 [0045.426] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.426] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.426] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0xae, lpOverlapped=0x0) returned 1 [0045.427] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.427] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0xae, lpOverlapped=0x0) returned 1 [0045.427] CloseHandle (hObject=0x38) returned 1 [0045.427] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f40 [0045.428] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Downloads\\desktop.ini.adv" (normalized: "c:\\users\\public\\downloads\\desktop.ini.adv")) returned 1 [0045.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0045.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.428] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0045.428] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed848 | out: hHeap=0x6d0000) returned 1 [0045.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.428] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0045.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0045.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e3790 [0045.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0045.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed7f8 [0045.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3790 | out: hHeap=0x6d0000) returned 1 [0045.428] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6ed848 [0045.428] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.429] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="..", cAlternateFileName="")) returned 1 [0045.429] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="..", cAlternateFileName="")) returned 0 [0045.429] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed848 | out: hHeap=0x6d0000) returned 1 [0045.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.429] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0045.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0045.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e3790 [0045.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0045.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed7f8 [0045.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3790 | out: hHeap=0x6d0000) returned 1 [0045.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6ed848 [0045.429] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.429] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="..", cAlternateFileName="")) returned 1 [0045.429] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1ed8 [0045.429] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.429] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.430] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x58, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x58, lpOverlapped=0x0) returned 1 [0045.431] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.431] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x58, lpOverlapped=0x0) returned 1 [0045.431] CloseHandle (hObject=0x38) returned 1 [0045.431] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f40 [0045.431] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Libraries\\desktop.ini.adv" (normalized: "c:\\users\\public\\libraries\\desktop.ini.adv")) returned 1 [0045.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0045.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.432] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0045.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0045.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ed8 [0045.432] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.432] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.432] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x36c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x36c, lpOverlapped=0x0) returned 1 [0045.433] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.434] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x36c, lpOverlapped=0x0) returned 1 [0045.434] CloseHandle (hObject=0x38) returned 1 [0045.434] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0045.434] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.adv" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.adv")) returned 1 [0045.434] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0045.434] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0045.434] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 0 [0045.434] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0045.434] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed848 | out: hHeap=0x6d0000) returned 1 [0045.434] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.434] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Music", cAlternateFileName="")) returned 1 [0045.434] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0045.434] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e3790 [0045.434] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0045.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e37c8 [0045.435] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0045.435] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="..", cAlternateFileName="")) returned 1 [0045.435] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e3800 [0045.435] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed7f8 [0045.435] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3800 | out: hHeap=0x6d0000) returned 1 [0045.435] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0045.435] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x17c, lpOverlapped=0x0) returned 1 [0045.436] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.436] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x17c, lpOverlapped=0x0) returned 1 [0045.436] CloseHandle (hObject=0x38) returned 1 [0045.436] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed850 [0045.436] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Music\\desktop.ini.adv" (normalized: "c:\\users\\public\\music\\desktop.ini.adv")) returned 1 [0045.437] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed850 | out: hHeap=0x6d0000) returned 1 [0045.437] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0045.437] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0045.437] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e3800 [0045.437] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed7f8 [0045.437] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3800 | out: hHeap=0x6d0000) returned 1 [0045.437] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed850 [0045.437] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x49, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0045.438] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x49, cFileName="..", cAlternateFileName="")) returned 1 [0045.438] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x49, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0045.438] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0045.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0045.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.439] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.440] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x24a, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x24a, lpOverlapped=0x0) returned 1 [0045.440] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.441] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x24a, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x24a, lpOverlapped=0x0) returned 1 [0045.441] CloseHandle (hObject=0x3c) returned 1 [0045.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0045.441] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.adv" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini.adv")) returned 1 [0045.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0045.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0045.441] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0x0, dwReserved1=0x49, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0045.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0045.441] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0045.441] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.441] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.442] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8064f1, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x8064f1, lpOverlapped=0x0) returned 1 [0045.619] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.619] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8064f1, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x8064f1, lpOverlapped=0x0) returned 1 [0045.816] CloseHandle (hObject=0x3c) returned 1 [0045.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0045.816] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.adv" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.adv")) returned 1 [0045.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0045.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0045.817] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2, dwReserved0=0x0, dwReserved1=0x49, cFileName="Maid with the Flaxen Hair.mp3", cAlternateFileName="MAIDWI~1.MP3")) returned 1 [0045.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0045.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1ee8 [0045.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0045.817] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0045.818] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x3ec5d2, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x3ec5d2, lpOverlapped=0x0) returned 1 [0045.971] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0045.971] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x3ec5d2, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x3ec5d2, lpOverlapped=0x0) returned 1 [0046.058] CloseHandle (hObject=0x3c) returned 1 [0046.058] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e1f80 [0046.058] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.adv" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.adv")) returned 1 [0046.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f80 | out: hHeap=0x6d0000) returned 1 [0046.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0046.059] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x49, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 1 [0046.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0046.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0046.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0046.059] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0046.060] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x49e459, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x49e459, lpOverlapped=0x0) returned 1 [0046.196] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.197] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x49e459, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x49e459, lpOverlapped=0x0) returned 1 [0046.286] CloseHandle (hObject=0x3c) returned 1 [0046.286] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0046.286] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.adv" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.adv")) returned 1 [0046.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0046.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0046.287] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x49, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 0 [0046.287] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0046.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed850 | out: hHeap=0x6d0000) returned 1 [0046.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0046.287] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0046.287] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0046.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e37c8 | out: hHeap=0x6d0000) returned 1 [0046.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3790 | out: hHeap=0x6d0000) returned 1 [0046.287] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Pictures", cAlternateFileName="")) returned 1 [0046.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0046.287] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e3790 [0046.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0046.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed7f8 [0046.288] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3790 | out: hHeap=0x6d0000) returned 1 [0046.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6ed848 [0046.288] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0046.323] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="..", cAlternateFileName="")) returned 1 [0046.323] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0046.323] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0046.323] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1ed8 [0046.323] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0046.323] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0046.324] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x17c, lpOverlapped=0x0) returned 1 [0046.325] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.325] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x17c, lpOverlapped=0x0) returned 1 [0046.325] CloseHandle (hObject=0x38) returned 1 [0046.325] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f40 [0046.325] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Pictures\\desktop.ini.adv" (normalized: "c:\\users\\public\\pictures\\desktop.ini.adv")) returned 1 [0046.326] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0046.326] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0046.326] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0046.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0046.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ed8 [0046.326] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0046.326] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f40 [0046.326] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x26, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0046.525] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x26, cFileName="..", cAlternateFileName="")) returned 1 [0046.525] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0x0, dwReserved1=0x26, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0046.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0046.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0046.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0046.525] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0046.527] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xd6b22, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xd6b22, lpOverlapped=0x0) returned 1 [0046.860] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0046.860] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xd6b22, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xd6b22, lpOverlapped=0x0) returned 1 [0046.862] CloseHandle (hObject=0x3c) returned 1 [0046.862] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0046.862] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.adv" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.adv")) returned 1 [0046.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0046.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0046.864] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0x0, dwReserved1=0x26, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0046.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0046.864] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0046.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0046.864] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0046.864] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xce875, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xce875, lpOverlapped=0x0) returned 1 [0047.580] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.580] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xce875, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xce875, lpOverlapped=0x0) returned 1 [0047.582] CloseHandle (hObject=0x3c) returned 1 [0047.582] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0047.582] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.adv" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.adv")) returned 1 [0047.583] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0047.583] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0047.583] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x26, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0047.583] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0047.583] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0047.583] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0047.583] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0047.585] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x460, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x460, lpOverlapped=0x0) returned 1 [0047.586] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.586] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x460, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x460, lpOverlapped=0x0) returned 1 [0047.586] CloseHandle (hObject=0x3c) returned 1 [0047.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0047.586] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.adv" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini.adv")) returned 1 [0047.587] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0047.587] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0047.587] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0x0, dwReserved1=0x26, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0047.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0047.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0047.587] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0047.587] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0047.587] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x91554, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x91554, lpOverlapped=0x0) returned 1 [0047.594] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.594] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x91554, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x91554, lpOverlapped=0x0) returned 1 [0047.595] CloseHandle (hObject=0x3c) returned 1 [0047.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0047.595] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.adv" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.adv")) returned 1 [0047.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0047.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0047.596] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0x0, dwReserved1=0x26, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0047.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0047.596] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0047.596] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0047.596] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0047.597] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbd616, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xbd616, lpOverlapped=0x0) returned 1 [0047.605] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.605] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbd616, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xbd616, lpOverlapped=0x0) returned 1 [0047.607] CloseHandle (hObject=0x3c) returned 1 [0047.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0047.607] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.adv" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.adv")) returned 1 [0047.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0047.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0047.608] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0x0, dwReserved1=0x26, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0047.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0047.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0047.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0047.608] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0047.608] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbea1f, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xbea1f, lpOverlapped=0x0) returned 1 [0047.621] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.621] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbea1f, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xbea1f, lpOverlapped=0x0) returned 1 [0047.623] CloseHandle (hObject=0x3c) returned 1 [0047.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0047.623] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.adv" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.adv")) returned 1 [0047.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0047.623] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0047.623] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0x0, dwReserved1=0x26, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0047.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0047.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0047.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0047.624] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0047.644] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x8907c, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x8907c, lpOverlapped=0x0) returned 1 [0047.653] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.653] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x8907c, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x8907c, lpOverlapped=0x0) returned 1 [0047.654] CloseHandle (hObject=0x3c) returned 1 [0047.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0047.654] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.adv" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.adv")) returned 1 [0047.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0047.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0047.655] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0x0, dwReserved1=0x26, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0047.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0047.655] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0047.655] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0047.655] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0047.655] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xbde6b, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xbde6b, lpOverlapped=0x0) returned 1 [0047.664] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.664] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xbde6b, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xbde6b, lpOverlapped=0x0) returned 1 [0047.665] CloseHandle (hObject=0x3c) returned 1 [0047.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0047.666] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.adv" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.adv")) returned 1 [0047.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0047.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0047.666] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x26, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0047.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0047.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0047.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0047.666] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0047.667] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x97958, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x97958, lpOverlapped=0x0) returned 1 [0047.700] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.701] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x97958, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x97958, lpOverlapped=0x0) returned 1 [0047.702] CloseHandle (hObject=0x3c) returned 1 [0047.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0047.703] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.adv" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.adv")) returned 1 [0047.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0047.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0047.705] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x26, cFileName="Tulips.jpg", cAlternateFileName="")) returned 0 [0047.705] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0047.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0047.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0047.705] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0047.705] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0047.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed848 | out: hHeap=0x6d0000) returned 1 [0047.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0047.705] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0047.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0047.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e3790 [0047.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0047.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed7f8 [0047.705] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3790 | out: hHeap=0x6d0000) returned 1 [0047.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6ed848 [0047.705] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0047.706] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="..", cAlternateFileName="")) returned 1 [0047.706] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0047.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0047.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x5e) returned 0x6e1ed8 [0047.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0047.706] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0047.707] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x50, lpOverlapped=0x0) returned 1 [0047.709] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.709] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x50, lpOverlapped=0x0) returned 1 [0047.709] CloseHandle (hObject=0x38) returned 1 [0047.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f40 [0047.709] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini.adv" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini.adv")) returned 1 [0047.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0047.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0047.709] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0047.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x40) returned 0x6e1e90 [0047.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1ed8 [0047.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0047.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1f40 [0047.710] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0047.710] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0047.710] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0047.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0047.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x6e2010 [0047.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0047.710] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0047.710] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0xab, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0xab, lpOverlapped=0x0) returned 1 [0047.711] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.711] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0xab, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0xab, lpOverlapped=0x0) returned 1 [0047.711] CloseHandle (hObject=0x3c) returned 1 [0047.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e4798 [0047.711] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.adv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini.adv")) returned 1 [0047.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4798 | out: hHeap=0x6d0000) returned 1 [0047.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0047.712] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0047.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x60) returned 0x6e1fa8 [0047.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x6e2010 [0047.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1fa8 | out: hHeap=0x6d0000) returned 1 [0047.712] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0047.712] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x940000, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x940000, lpOverlapped=0x0) returned 1 [0047.893] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0047.893] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x940000, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x940000, lpOverlapped=0x0) returned 1 [0048.005] CloseHandle (hObject=0x3c) returned 1 [0048.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x6f08b0 [0048.005] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.adv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.adv")) returned 1 [0048.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f08b0 | out: hHeap=0x6d0000) returned 1 [0048.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e2010 | out: hHeap=0x6d0000) returned 1 [0048.006] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 0 [0048.006] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0048.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1f40 | out: hHeap=0x6d0000) returned 1 [0048.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ed8 | out: hHeap=0x6d0000) returned 1 [0048.006] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0048.006] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0048.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed848 | out: hHeap=0x6d0000) returned 1 [0048.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0048.006] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Videos", cAlternateFileName="")) returned 1 [0048.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6e0478 [0048.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e3790 [0048.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0478 | out: hHeap=0x6d0000) returned 1 [0048.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e37c8 [0048.006] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x46) returned 0x6ed7f8 [0048.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e37c8 | out: hHeap=0x6d0000) returned 1 [0048.007] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*", lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName=".", cAlternateFileName="")) returned 0x6ed908 [0048.007] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="..", cAlternateFileName="")) returned 1 [0048.007] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0048.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e37c8 [0048.007] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed848 [0048.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e37c8 | out: hHeap=0x6d0000) returned 1 [0048.007] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x38 [0048.007] ReadFile (in: hFile=0x38, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31f20c*=0x17c, lpOverlapped=0x0) returned 1 [0048.008] SetFilePointer (in: hFile=0x38, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0048.008] WriteFile (in: hFile=0x38, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x31f20c, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31f20c*=0x17c, lpOverlapped=0x0) returned 1 [0048.008] CloseHandle (hObject=0x38) returned 1 [0048.008] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0048.008] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Videos\\desktop.ini.adv" (normalized: "c:\\users\\public\\videos\\desktop.ini.adv")) returned 1 [0048.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0048.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed848 | out: hHeap=0x6d0000) returned 1 [0048.009] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0048.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6e37c8 [0048.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6ed848 [0048.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e37c8 | out: hHeap=0x6d0000) returned 1 [0048.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1e90 [0048.009] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e, cFileName=".", cAlternateFileName="")) returned 0x6ed948 [0048.009] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x3e, cFileName="..", cAlternateFileName="")) returned 1 [0048.009] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x3e, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0048.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0048.009] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0048.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0048.009] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0048.009] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x146, lpOverlapped=0x0) returned 1 [0048.012] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0048.012] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x146, lpOverlapped=0x0) returned 1 [0048.012] CloseHandle (hObject=0x3c) returned 1 [0048.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0048.013] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.adv" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini.adv")) returned 1 [0048.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0048.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0048.013] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x3e, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0048.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x50) returned 0x6e1ee8 [0048.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x76) returned 0x6eb810 [0048.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1ee8 | out: hHeap=0x6d0000) returned 1 [0048.013] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c [0048.014] ReadFile (in: hFile=0x3c, lpBuffer=0x7d0020, nNumberOfBytesToRead=0x1907b8a, lpNumberOfBytesRead=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesRead=0x31ef00*=0x1907b8a, lpOverlapped=0x0) returned 1 [0048.993] SetFilePointer (in: hFile=0x3c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0048.993] WriteFile (in: hFile=0x3c, lpBuffer=0x7d0020*, nNumberOfBytesToWrite=0x1907b8a, lpNumberOfBytesWritten=0x31ef00, lpOverlapped=0x0 | out: lpBuffer=0x7d0020*, lpNumberOfBytesWritten=0x31ef00*=0x1907b8a, lpOverlapped=0x0) returned 1 [0050.751] CloseHandle (hObject=0x3c) returned 1 [0050.752] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x70) returned 0x6ea810 [0050.752] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.adv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.adv")) returned 1 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ea810 | out: hHeap=0x6d0000) returned 1 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6eb810 | out: hHeap=0x6d0000) returned 1 [0050.753] FindNextFileW (in: hFindFile=0x6ed948, lpFindFileData=0x31ec80 | out: lpFindFileData=0x31ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x3e, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 0 [0050.753] FindClose (in: hFindFile=0x6ed948 | out: hFindFile=0x6ed948) returned 1 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1e90 | out: hHeap=0x6d0000) returned 1 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed848 | out: hHeap=0x6d0000) returned 1 [0050.753] FindNextFileW (in: hFindFile=0x6ed908, lpFindFileData=0x31ef8c | out: lpFindFileData=0x31ef8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7ff, dwReserved1=0x4b, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0050.753] FindClose (in: hFindFile=0x6ed908 | out: hFindFile=0x6ed908) returned 1 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed7f8 | out: hHeap=0x6d0000) returned 1 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3790 | out: hHeap=0x6d0000) returned 1 [0050.753] FindNextFileW (in: hFindFile=0x6ed8c8, lpFindFileData=0x31f298 | out: lpFindFileData=0x31f298*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4, cFileName="Videos", cAlternateFileName="")) returned 0 [0050.753] FindClose (in: hFindFile=0x6ed8c8 | out: hFindFile=0x6ed8c8) returned 1 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e6780 | out: hHeap=0x6d0000) returned 1 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0450 | out: hHeap=0x6d0000) returned 1 [0050.753] FindNextFileW (in: hFindFile=0x6e1e50, lpFindFileData=0x31f5a4 | out: lpFindFileData=0x31f5a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="Public", cAlternateFileName="")) returned 0 [0050.753] FindClose (in: hFindFile=0x6e1e50 | out: hFindFile=0x6e1e50) returned 1 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0400 | out: hHeap=0x6d0000) returned 1 [0050.753] GetModuleHandleW (lpModuleName=0x0) returned 0x3b0000 [0050.753] GetModuleHandleW (lpModuleName=0x0) returned 0x3b0000 [0050.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0aa0 | out: hHeap=0x6d0000) returned 1 [0050.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e1648 | out: hHeap=0x6d0000) returned 1 [0050.754] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2", hFile=0x0, dwFlags=0x800) returned 0x0 [0050.754] GetLastError () returned 0x57 [0050.754] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x31f818 | out: phModule=0x31f818) returned 0 [0050.754] ExitProcess (uExitCode=0x0) [0050.755] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6def00 | out: hHeap=0x6d0000) returned 1